{"resultsPerPage":284,"startIndex":0,"totalResults":284,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-12T02:46:06.514","vulnerabilities":[{"cve":{"id":"CVE-2018-10902","sourceIdentifier":"secalert@redhat.com","published":"2018-08-21T19:29:00.220","lastModified":"2026-07-07T15:16:40.793","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation."},{"lang":"es","value":"Se ha detectado que el controlador del kernel midi raw no protege contra el acceso concurrente, lo que conduce a un doble realloc (doble liberación) en snd_rawmidi_input_params() y snd_rawmidi_output_status(), que son parte del manipulador snd_rawmidi_ioctl() en el archivo rawmidi.c. Un atacante local malicioso podría utilizarlo para escalar privilegios."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"affected","versions":[{"version":"3.16.58","lessThan":"3.16.*","versionType":"semver","status":"unaffected"},{"version":"3.18.117","lessThan":"3.18.*","versionType":"semver","status":"unaffected"},{"version":"4.4.144","lessThan":"4.4.*","versionType":"semver","status":"unaffected"},{"version":"4.9.115","lessThan":"4.9.*","versionType":"semver","status":"unaffected"},{"version":"4.14.100","lessThan":"4.14.*","versionType":"semver","status":"unaffected"},{"version":"4.17.10","lessThan":"4.17.*","versionType":"semver","status":"unaffected"},{"version":"4.18","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105119","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041529","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:3083","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:3096","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0415","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0641","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:3217","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2019:3967","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3776-1/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3776-2/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3847-1/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3847-2/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3847-3/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3849-1/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3849-2/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4308","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/105119","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041529","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:3083","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:3096","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0415","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0641","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:3217","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2019:3967","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3776-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3776-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3847-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3847-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3847-3/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3849-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3849-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4308","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-30004","sourceIdentifier":"cve@mitre.org","published":"2021-04-02T05:15:13.313","lastModified":"2026-07-07T19:16:47.327","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c."},{"lang":"es","value":"En wpa_supplicant y hostapd versión 2.9, los ataques de falsificación pueden ocurrir porque los parámetros AlgorithmIdentifier son manejados inapropiadamente en los archivos tls/pkcs1.c y tls/x509v3.c."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T18:22:47.347754Z","id":"CVE-2021-30004","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:w1.fi:hostapd:2.9:*:*:*:*:*:*:*","matchCriteriaId":"EF4AE8EA-985A-471B-A423-591D604D6C0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:w1.fi:wpa_supplicant:2.9:*:*:*:*:*:*:*","matchCriteriaId":"8BA940F9-A024-41FD-9B35-956788414E35"}]}]}],"references":[{"url":"https://security.gentoo.org/glsa/202309-16","source":"cve@mitre.org"},{"url":"https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202309-16","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-30065","sourceIdentifier":"cve@mitre.org","published":"2022-05-18T15:15:10.240","lastModified":"2026-07-07T19:16:47.807","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function."},{"lang":"es","value":"Un uso de memoria previamente liberada en el applet awk de Busybox versión 1.35-x, conlleva a una denegación de servicio y posiblemente una ejecución de código cuando es procesado un patrón awk diseñado en la función copyvar"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T18:22:26.345574Z","id":"CVE-2022-30065","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:busybox:busybox:1.35.0:*:*:*:*:*:*:*","matchCriteriaId":"F4554177-6CDF-42D9-80DF-5789A982CB6F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0","matchCriteriaId":"21A75847-54F1-453A-82D7-B6D2CB2DE7AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*","matchCriteriaId":"50FEE5FA-B141-4E5F-8673-363089262530"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0","matchCriteriaId":"ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*","matchCriteriaId":"EAC3EE40-4398-4337-B40E-8AACDF225BBF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0","matchCriteriaId":"E00E02E5-109C-44E7-8C20-BFEE7C739ADC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*","matchCriteriaId":"8A79836B-5EC1-40AF-8A57-9657EF6758E5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0","matchCriteriaId":"E1BC85A6-386C-43E9-9266-50F8C53C7362"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*","matchCriteriaId":"FCB9BD17-7F1F-42E9-831F-EB907F9BC214"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0","matchCriteriaId":"6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*","matchCriteriaId":"10C7D54A-27B4-4195-8131-DD5380472A75"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0","matchCriteriaId":"9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*","matchCriteriaId":"E54AF1E6-0E52-447C-8946-18716D30EBE2"}]}]}],"references":[{"url":"https://bugs.busybox.net/show_bug.cgi?id=14781","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugs.busybox.net/show_bug.cgi?id=14781","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-21952","sourceIdentifier":"meissner@suse.de","published":"2022-06-22T10:15:07.917","lastModified":"2026-07-07T18:51:22.293","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37."},{"lang":"es","value":"Una vulnerabilidad de consumo no controlado de recursos en spacewalk-java de SUSE Manager Server versión 4.1, SUSE Manager Server versión 4.2, permite a atacantes remotos agotar fácilmente los recursos de disco disponibles, conllevando a una Denegación de Servicio. Este problema afecta a: SUSE Manager Server versiones 4.1 spacewalk-java anteriores a la 4.1.46. SUSE Manager Server versiones 4.2 spacewalk-java anteriores a la 4.2.37"}],"affected":[{"source":"meissner@suse.de","affectedData":[{"vendor":"SUSE","product":"SUSE Manager Server 4.1","defaultStatus":"unaffected","versions":[{"version":"spacewalk-java","lessThan":"4.1.46","versionType":"custom","status":"affected"}]},{"vendor":"SUSE","product":"SUSE Manager Server 4.2","defaultStatus":"unaffected","versions":[{"version":"spacewalk-java","lessThan":"4.2.37","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"meissner@suse.de","type":"Primary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-770"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_server:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"4.1.46","matchCriteriaId":"7BC025A6-6EEF-4802-B050-0B7D5A593AF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_server:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"4.2.37","matchCriteriaId":"4D74F0E1-42C8-4775-A05C-293C742F5376"}]}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1199512","source":"meissner@suse.de","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1199512","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-45815","sourceIdentifier":"security-advisories@github.com","published":"2023-10-19T22:15:10.407","lastModified":"2026-07-07T14:16:26.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ArchiveBox is an open source self-hosted web archiving system. Any users who are using the `wget` extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to target your ArchiveBox instance. Malicious Javascript could potentially act using your logged-in admin credentials and add/remove/modify snapshots, add/remove/modify ArchiveBox users, and generally do anything an admin user could do. The impact is less severe for non-logged-in users, as malicious Javascript cannot *modify* any archives, but it can still *read* all the other archived content by fetching the snapshot index and iterating through it. Because all of ArchiveBox's archived content is served from the same host and port as the admin panel, when archived pages are viewed the JS executes in the same context as all the other archived pages (and the admin panel), defeating most of the browser's usual CORS/CSRF security protections and leading to this issue. Version 0.9.0 contains a patch. As a mitigation for this issue would be to disable the wget extractor by setting `archivebox config --set SAVE_WGET=False`, ensure you are always logged out, or serve only a [static HTML version](https://github.com/ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#2-export-and-host-it-as-static-html) of your archive."},{"lang":"es","value":"ArchiveBox es un sistema de archivo web autohospedado de código abierto. Cualquier usuario que esté utilizando el extractor `wget` y vea el contenido que genera. El impacto es potencialmente grave si inicia sesión en el sitio de administración de ArchiveBox en la misma sesión del navegador y ve una página maliciosa archivada diseñada para apuntar a su instancia de ArchiveBox. Javascript malicioso podría potencialmente actuar utilizando sus credenciales de administrador iniciadas y agregar/eliminar/modificar instantáneas, agregar/eliminar/modificar usuarios de ArchiveBox y, en general, hacer cualquier cosa que un usuario administrador pueda hacer. El impacto es menos severo para los usuarios que no han iniciado sesión, ya que Javascript malicioso no puede *modificar* ningún archivo, pero aún puede *leer* todo el resto del contenido archivado al obtener el índice de la instantánea y recorrerlo en iteración. Debido a que todo el contenido archivado de ArchiveBox se sirve desde el mismo host y puerto que el panel de administración, cuando se ven las páginas archivadas, JS se ejecuta en el mismo contexto que todas las demás páginas archivadas (y el panel de administración), anulando la mayoría de las funciones habituales del navegador. Protecciones de seguridad CORS/CSRF y lo que lleva a este problema. Se está desarrollando un parche en https://github.com/ArchiveBox/ArchiveBox/issues/239. Como mitigación para este problema, sería deshabilitar el extractor de wget configurando `archivebox config --set SAVE_WGET=False`, asegurarse de estar siempre desconectado o servir solo una [versión HTML estática] (https://github.com /ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#2-export-and-host-it-as-static-html) de su archivo."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ArchiveBox","product":"ArchiveBox","versions":[{"version":"< 0.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-12T17:50:22.528558Z","id":"CVE-2023-45815","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:archivebox:archivebox:*:*:*:*:*:*:*:*","versionEndIncluding":"0.6.2","matchCriteriaId":"7E721DF1-19BE-4E74-AAD8-C2C26FB0B887"}]}]}],"references":[{"url":"https://en.wikipedia.org/wiki/Cross-site_request_forgery","source":"security-advisories@github.com"},{"url":"https://github.com/ArchiveBox/ArchiveBox#caveats","source":"security-advisories@github.com"},{"url":"https://github.com/ArchiveBox/ArchiveBox/commit/a6548df8d0aae1d3d326deb1191b128232708166","source":"security-advisories@github.com"},{"url":"https://github.com/ArchiveBox/ArchiveBox/issues/239","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/ArchiveBox/ArchiveBox/pull/1773","source":"security-advisories@github.com"},{"url":"https://github.com/ArchiveBox/ArchiveBox/security/advisories/GHSA-cr45-98w9-gwqx","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/ArchiveBox/ArchiveBox/wiki/Configuration#save_wget","source":"security-advisories@github.com"},{"url":"https://github.com/ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#2-export-and-host-it-as-static-html","source":"security-advisories@github.com"},{"url":"https://github.com/ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#security-concerns","source":"security-advisories@github.com"},{"url":"https://github.com/ArchiveBox/ArchiveBox/wiki/Security-Overview","source":"security-advisories@github.com"},{"url":"https://github.com/pypa/advisory-database/tree/main/vulns/archivebox/PYSEC-2023-229.yaml","source":"security-advisories@github.com"},{"url":"https://github.com/ArchiveBox/ArchiveBox/issues/239","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/ArchiveBox/ArchiveBox/security/advisories/GHSA-cr45-98w9-gwqx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-43590","sourceIdentifier":"secure@microsoft.com","published":"2024-10-08T18:15:26.913","lastModified":"2026-07-07T15:55:16.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Visual C++ Redistributable Installer Elevation of Privilege Vulnerability"},{"lang":"es","value":"Vulnerabilidad de elevación de privilegios en el instalador redistribuible de Visual C++"}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)","versions":[{"version":"15.9.0","lessThan":"15.9.67","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)","versions":[{"version":"16.11.0","lessThan":"16.11.41","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Visual Studio 2022 version 17.10","versions":[{"version":"17.10","lessThan":"17.10.8","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Visual Studio 2022 version 17.11","versions":[{"version":"17.11","lessThan":"17.11.5","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Visual Studio 2022 version 17.6","versions":[{"version":"17.6.0","lessThan":"17.6.20","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Visual Studio 2022 version 17.8","versions":[{"version":"17.8.0","lessThan":"17.8.15","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Visual C++ Redistributable Installer","versions":[{"version":"10.0.0","lessThan":"14.40.33816","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-08T18:34:14.182011Z","id":"CVE-2024-43590","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_c\\+\\+_redistributable:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"14.40.33816","matchCriteriaId":"05C4FCAA-8638-476C-A60F-C1FE9922D613"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.9.67","matchCriteriaId":"00680F8D-9858-4706-8888-4130E4CDA76B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.9.67","matchCriteriaId":"1915924B-3EB6-4EF4-9DC8-31A98C858ADD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0","versionEndExcluding":"16.11.41","matchCriteriaId":"111ACA28-0E8E-4F6D-BE67-F2E0703BC33F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*","versionStartIncluding":"17.6.0","versionEndExcluding":"17.6.20","matchCriteriaId":"18D2A92E-FB5F-4892-A7EF-0DBD26281248"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*","versionStartIncluding":"17.8.0","versionEndExcluding":"17.8.15","matchCriteriaId":"34609790-24EF-448C-8AED-9BF831D73629"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*","versionStartIncluding":"17.10.0","versionEndExcluding":"17.10.8","matchCriteriaId":"480AA116-1C38-4778-A84D-321278AEC747"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*","versionStartIncluding":"17.11.0","versionEndExcluding":"17.11.5","matchCriteriaId":"AD8D6C06-D7AB-4E82-AAD6-4240603B6AC6"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-54216","sourceIdentifier":"audit@patchstack.com","published":"2024-12-06T14:15:26.633","lastModified":"2026-07-07T12:16:25.833","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms allows Path Traversal.\n\nThis issue affects ARForms: from n/a before 7.0.2."},{"lang":"es","value":"La vulnerabilidad de path traversal en NotFound ARForms permite el path traversal. Este problema afecta a ARForms: desde n/a hasta 6.4.1."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"reputeinfosystems","product":"ARForms","defaultStatus":"unaffected","versions":[{"version":"n/a","lessThan":"7.0.2","versionType":"custom","status":"affected","changes":[{"at":"7.0.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-06T16:22:22.639170Z","id":"CVE-2024-54216","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-35"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:reputeinfosystems:arforms:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"6.4.1","matchCriteriaId":"4DA88C3B-0C6A-4889-9114-4A1DE8661427"}]}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/arforms/vulnerability/wordpress-arforms-plugin-6-4-1-subscriber-arbitrary-file-read-vulnerability?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-49795","sourceIdentifier":"secalert@redhat.com","published":"2025-06-16T16:15:19.203","lastModified":"2026-07-07T13:16:28.003","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service."},{"lang":"es","value":"Se detectó una vulnerabilidad de desreferencia de puntero nulo en libxml2 al procesar expresiones XML XPath. Esta falla permite a un atacante manipular una entrada XML maliciosa en libxml2, lo que provoca una denegación de servicio."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"GNOME","product":"libxml2","defaultStatus":"unaffected","repo":"https://gitlab.gnome.org/GNOME/libxml2/","versions":[{"version":"2.10.0","lessThan":"2.14.5","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:10.0"],"versions":[{"version":"0:2.12.5-7.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Core Services 2.4.62.SP2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/a:redhat:jboss_core_services:1"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"libxml2-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.15.2-0.3.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"RUGGEDCOM RST2428P","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V4.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-16T15:30:23.392664Z","id":"CVE-2025-49795","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:10630","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19020","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7519","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-49795","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372379","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/932","source":"secalert@redhat.com"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-253495.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2026-29049","sourceIdentifier":"security-advisories@github.com","published":"2026-03-06T07:16:02.093","lastModified":"2026-07-07T14:16:29.857","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout (pkg/renovate/cache/cache.go). An attacker-controlled URI in a melange config can cause unbounded disk writes, exhausting disk on the build runne. Version 0.43.4 contains a patch."},{"lang":"es","value":"melange permite a los usuarios construir paquetes apk utilizando pipelines declarativos. En la versión 0.40.5 y anteriores, melange update-cache descarga URIs de configuraciones de compilación a través de io.Copy sin ningún límite de tamaño o tiempo de espera del cliente HTTP (pkg/renovate/cache/cache.go). Una URI controlada por un atacante en una configuración de melange puede causar escrituras de disco ilimitadas, agotando el disco en el ejecutor de compilación. No hay ningún parche conocido disponible públicamente."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"chainguard-dev","product":"melange","versions":[{"version":"< 0.43.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-09T20:00:02.881191Z","id":"CVE-2026-29049","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chainguard:melange:*:*:*:*:*:go:*:*","versionEndIncluding":"0.40.5","matchCriteriaId":"03E019F3-C40D-4A30-9A0C-8B4CC7D2FF8A"}]}]}],"references":[{"url":"https://github.com/chainguard-dev/melange/commit/652ca5af08588f78e2d405e64b058fac8398d23f","source":"security-advisories@github.com"},{"url":"https://github.com/chainguard-dev/melange/pull/2379","source":"security-advisories@github.com"},{"url":"https://github.com/chainguard-dev/melange/releases/tag/v0.43.4","source":"security-advisories@github.com"},{"url":"https://github.com/chainguard-dev/melange/security/advisories/GHSA-7rp8-r62p-q6wc","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-26740","sourceIdentifier":"cve@mitre.org","published":"2026-03-18T18:16:26.220","lastModified":"2026-07-07T12:16:34.273","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size."},{"lang":"es","value":"Vulnerabilidad de desbordamiento de búfer en giflib v.5.2.2 permite a un atacante remoto causar una denegación de servicio a través de EGifGCBToExtension sobrescribiendo un bloque de extensión de control gráfico existente sin validar su tamaño asignado."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat build of OpenJDK 1.8","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openjdk:1.8"]},{"vendor":"Red Hat","product":"Red Hat build of OpenJDK 11 ELS","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openjdk_els:11"]},{"vendor":"Red Hat","product":"Red Hat build of OpenJDK 17","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openjdk:17"]},{"vendor":"Red Hat","product":"Red Hat build of OpenJDK 21","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openjdk:21"]},{"vendor":"Red Hat","product":"Red Hat build of OpenJDK 25","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openjdk:25"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-18T18:43:32.619695Z","id":"CVE-2026-26740","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:giflib_project:giflib:5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"CC3B1EB3-6B22-4CA4-8BBA-7AB8A754FAB2"}]}]}],"references":[{"url":"https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:33447","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33450","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33451","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33452","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33455","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33456","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33501","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33502","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33503","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33509","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-26740","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448747","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26740.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2025-67030","sourceIdentifier":"cve@mitre.org","published":"2026-03-25T18:16:25.880","lastModified":"2026-07-07T12:16:27.960","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code"},{"lang":"es","value":"Vulnerabilidad de salto de directorio en el método extractFile de org.codehaus.plexus.util.Expand en plexus-utils anterior a 6d780b3378829318ba5c2d29547e0012d5b29642. Esto permite a un atacante ejecutar código arbitrario"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat JBoss EAP 8.1 for RHEL 8","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss EAP 8.1 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"affected","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.20.6","defaultStatus":"affected","cpes":["cpe:/a:redhat:quarkus:3.20::el8"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.27.3","defaultStatus":"affected","cpes":["cpe:/a:redhat:quarkus:3.27::el8"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:service_registry:2"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"affected","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"affected","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat AMQ Clients","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:amq_clients:2023"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus Native builder","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat JBoss Core Services","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_core_services:1"]},{"vendor":"Red Hat","product":"Red Hat JBoss Web Server 5","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_web_server:5"]},{"vendor":"Red Hat","product":"Red Hat JBoss Web Server 6","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_web_server:6"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-27T19:33:16.549505Z","id":"CVE-2025-67030","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:codehaus-plexus:plexus-utils:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.1","matchCriteriaId":"642FD06A-559F-4234-BCC3-63AFFD47A41C"},{"vulnerable":true,"criteria":"cpe:2.3:a:codehaus-plexus:plexus-utils:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.3","matchCriteriaId":"29C552CC-D882-4EDF-AF4B-7AA02D7B70AE"}]}]}],"references":[{"url":"https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/codehaus-plexus/plexus-utils/issues/294","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/codehaus-plexus/plexus-utils/pull/295","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/codehaus-plexus/plexus-utils/pull/296","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:17668","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18054","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18055","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18059","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35990","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35991","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35992","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35996","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35997","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36012","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7109","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7380","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2025-67030","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451409","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-67030.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-2100","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T21:17:04.247","lastModified":"2026-07-07T15:16:43.333","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states."},{"lang":"es","value":"Se encontró una falla en p11-kit. Un atacante remoto podría explotar esta vulnerabilidad al llamar a la función C_DeriveKey en un token remoto con parámetros específicos del mecanismo de derivación IBM kyber o IBM btc establecidos en NULL. Esto podría llevar al cliente RPC intentando devolver un valor no inicializado, resultando potencialmente en una desreferencia NULL o comportamiento indefinido. Este problema puede causar una denegación de servicio a nivel de aplicación o a otros estados impredecibles del sistema."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"p11-glue","product":"p11-kit","defaultStatus":"unaffected","repo":"https://github.com/p11-glue/p11-kit","versions":[{"version":"0","lessThan":"0.26.2","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:0.26.2-1.el10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:0.26.2-1.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:0.26.2-1.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cost Management 4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"costmanagement/costmanagement-metrics-rhel9-operator","cpes":["cpe:/a:redhat:cost_management:4::el9"],"versions":[{"version":"1780946239","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"p11-kit-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"0.26.2-1.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"insights-proxy/insights-proxy-container-rhel9","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"],"versions":[{"version":"1780420428","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798159","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798164","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798165","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798222","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"p11-kit","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-26T20:30:34.453809Z","id":"CVE-2026-2100","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-824"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:p11-kit_project:p11-kit:-:*:*:*:*:*:*:*","matchCriteriaId":"EC8CB498-F5D5-4AB6-B33E-404C80966280"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18143","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:18599","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21275","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:22634","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:27998","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7065","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-2100","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437308","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/p11-glue/p11-kit/pull/740","source":"secalert@redhat.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/p11-glue/p11-kit/releases/tag/0.26.2","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-35386","sourceIdentifier":"cve@mitre.org","published":"2026-04-02T17:16:27.623","lastModified":"2026-07-07T15:55:29.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenBSD","product":"OpenSSH","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"10.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":3.6,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-02T00:00:00+00:00","id":"CVE-2026-35386","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-696"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndExcluding":"10.3","matchCriteriaId":"BED65747-09B7-4705-8C8C-6C1ECEDA4CC6"}]}]}],"references":[{"url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.openssh.org/releasenotes.html#10.3p1","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://www.openwall.com/lists/oss-security/2026/04/02/3","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-5530","sourceIdentifier":"cna@vuldb.com","published":"2026-04-05T01:16:48.220","lastModified":"2026-07-07T19:16:55.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in Ollama up to 0.18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"Ollama","cpes":["cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*"],"modules":["Model Pull API"],"versions":[{"version":"0.18.0","status":"affected"},{"version":"0.18.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-06T15:37:34.960587Z","id":"CVE-2026-5530","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-5530","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/782107","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/355283","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/355283/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-34755","sourceIdentifier":"security-advisories@github.com","published":"2026-04-06T16:16:36.463","lastModified":"2026-07-07T12:16:38.903","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM. This vulnerability is fixed in 0.19.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":">= 0.7.0, < 0.19.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-06T18:36:13.854345Z","id":"CVE-2026-34755","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.7.0","versionEndExcluding":"0.19.0","matchCriteriaId":"36E450C9-1DE7-4CEE-835B-FBE1D9F37704"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-34755","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455403","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34755.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-34756","sourceIdentifier":"security-advisories@github.com","published":"2026-04-06T16:16:36.610","lastModified":"2026-07-07T12:16:39.163","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionRequest Pydantic models, an unauthenticated attacker can send a single HTTP request with an astronomically large n value. This completely blocks the Python asyncio event loop and causes immediate Out-Of-Memory crashes by allocating millions of request object copies in the heap before the request even reaches the scheduling queue. This vulnerability is fixed in 0.19.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":">= 0.1.0, < 0.19.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-07T14:16:25.517505Z","id":"CVE-2026-34756","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.1.0","versionEndExcluding":"0.19.0","matchCriteriaId":"E0C114ED-3459-4A6D-A572-812A9F3BF777"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/b111f8a61f100fdca08706f41f29ef3548de7380","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/pull/37952","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-3mwp-wvh9-7528","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-34756","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455425","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34756.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-34982","sourceIdentifier":"security-advisories@github.com","published":"2026-04-06T16:16:38.777","lastModified":"2026-07-07T12:16:39.413","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.2.0276","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","defaultStatus":"affected","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.8},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-06T00:00:00+00:00","id":"CVE-2026-34982","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0276","matchCriteriaId":"B64DB9F0-F10B-40FA-A094-9178E5991FFF"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/releases/tag/v9.2.0276","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/01/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:11389","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11509","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11510","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19073","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19224","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21275","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22634","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28049","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28050","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28133","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30078","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30087","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30088","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30089","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30900","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33453","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34476","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34477","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-34982","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455400","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34982.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-40190","sourceIdentifier":"security-advisories@github.com","published":"2026-04-10T20:16:24.043","lastModified":"2026-07-07T18:33:24.723","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in its internally vendored lodash set() utility. The baseAssignValue() function only guards against the __proto__ key, but fails to prevent traversal via constructor.prototype. This allows an attacker who controls keys in data processed by the createAnonymizer() API to pollute Object.prototype, affecting all objects in the Node.js process. This vulnerability is fixed in 0.5.18."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langchain-ai","product":"langsmith-sdk","versions":[{"version":"< 0.5.18","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-13T16:13:33.168377Z","id":"CVE-2026-40190","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langchain:langsmith:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.5.18","matchCriteriaId":"7304E366-AE7C-45DB-BD8A-77742DB3B235"}]}]}],"references":[{"url":"https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-fw9q-39r9-c252","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-6179","sourceIdentifier":"5ac195ad-69e7-48e7-9c1e-bfc958c39761","published":"2026-04-13T03:16:03.297","lastModified":"2026-07-07T18:29:59.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser"}],"affected":[{"source":"5ac195ad-69e7-48e7-9c1e-bfc958c39761","affectedData":[{"vendor":"FPT Software","product":"NightWolf Penetration Testing Platform","defaultStatus":"unaffected","versions":[{"version":"2.1.5","status":"affected"},{"version":"2.1.6","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5ac195ad-69e7-48e7-9c1e-bfc958c39761","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-13T17:36:38.518612Z","id":"CVE-2026-6179","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5ac195ad-69e7-48e7-9c1e-bfc958c39761","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fptsoftware:nightwolf_penetration_testing_platform:2.1.5:*:*:*:*:*:*:*","matchCriteriaId":"7467E37E-8066-4300-BBBE-A127ABE62F2D"}]}]}],"references":[{"url":"https://bug.report.night-wolf.io/changelogs","source":"5ac195ad-69e7-48e7-9c1e-bfc958c39761","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-5936","sourceIdentifier":"14984358-7092-470d-8f34-ade47a7658a2","published":"2026-04-13T07:16:50.710","lastModified":"2026-07-07T18:26:51.513","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment."}],"affected":[{"source":"14984358-7092-470d-8f34-ade47a7658a2","affectedData":[{"vendor":"Foxit Software Inc.","product":"Foxit PDF Services API","defaultStatus":"unaffected","versions":[{"version":"before 2026-04-07","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"14984358-7092-470d-8f34-ade47a7658a2","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-13T13:50:20.644193Z","id":"CVE-2026-5936","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"14984358-7092-470d-8f34-ade47a7658a2","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:foxit:pdf_services_api:*:*:*:*:*:*:*:*","versionEndExcluding":"2026-04-07","matchCriteriaId":"07237F4D-7EA9-4226-9456-093CEF8C2688"}]}]}],"references":[{"url":"https://www.foxit.com/support/security-bulletins.html","source":"14984358-7092-470d-8f34-ade47a7658a2","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0232","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-04-13T08:16:20.900","lastModified":"2026-07-07T18:19:52.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cortex XDR Agent","defaultStatus":"unaffected","versions":[{"version":"9.1.0","lessThan":"5.10.14","versionType":"custom","status":"unaffected","changes":[{"at":"5.10.14","status":"unaffected"}]},{"version":"9.0","versionType":"custom","status":"unaffected"},{"version":"8.9","versionType":"custom","status":"unaffected"},{"version":"8.7-CE","versionType":"custom","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"Cortex XDR Agent","defaultStatus":"unaffected","cpes":["cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:9.0.0:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:8.9.0:*:*:*:*:Windows:*:*","cpe:2.3:a:palo_alto_networks:cortex_xdr_agent:8.7-CE:*:*:*:*:Windows:*:*"],"platforms":["Windows"],"versions":[{"version":"9.0","lessThan":"9.0.1","versionType":"custom","status":"affected","changes":[{"at":"9.0.1","status":"unaffected"}]},{"version":"8.9","lessThan":"8.9.1","versionType":"custom","status":"affected","changes":[{"at":"8.9.1","status":"unaffected"}]},{"version":"8.7-CE","lessThan":"8.7.101-CE","versionType":"custom","status":"affected","changes":[{"at":"8.7.101-CE","status":"unaffected"}]},{"version":"8.3-CE","lessThan":"8.3-CE-CU-2120","versionType":"custom","status":"affected","changes":[{"at":"8.3-CE","status":"unaffected"}]},{"version":"7.9-CE","lessThan":"7.9-CE-CU-2120","versionType":"custom","status":"affected","changes":[{"at":"7.9-CE","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Amber","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-13T13:14:26.660757Z","id":"CVE-2026-0232","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-15"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:*:*:*","versionStartIncluding":"8.7.0","versionEndExcluding":"8.7.101","matchCriteriaId":"0B1E0CC0-0F82-4127-8655-74B2EA7F3274"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9:*:*:*:critical_environment:*:*:*","matchCriteriaId":"9B23C9C1-9F79-4F1D-82D9-792746BED311"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3:*:*:*:critical_environment:*:*:*","matchCriteriaId":"BC839248-017D-440F-8A45-FEF7A56C073E"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.9.0:-:*:*:-:*:*:*","matchCriteriaId":"A021EC1C-26DF-4967-8531-C4E88160220F"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:9.0.0:-:*:*:-:*:*:*","matchCriteriaId":"B6010CD7-4231-4E17-BDD3-E5CB57D1D48F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0232","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0233","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-04-13T08:16:22.150","lastModified":"2026-07-07T18:12:23.630","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM  privileges."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Autonomous Digital Experience Manager","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"5.10.0","lessThan":"5.10.14","versionType":"custom","status":"affected","changes":[{"at":"5.10.14","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Green","baseScore":2.0,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-14T13:49:27.633758Z","id":"CVE-2026-0233","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:autonomous_digital_experience_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.0","versionEndExcluding":"5.10.14","matchCriteriaId":"8DB32616-2C3D-46FC-B3C4-2DF6234E78ED"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0233","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0234","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-04-13T08:16:22.367","lastModified":"2026-07-07T18:08:26.537","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cortex XSOAR Microsoft Teams Marketplace","defaultStatus":"unaffected","versions":[{"version":"1.5.0","lessThan":"1.5.52","versionType":"custom","status":"affected","changes":[{"at":"1.5.52","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cortex XSIAM Microsoft Teams Marketplace","defaultStatus":"unaffected","versions":[{"version":"1.5.0","lessThan":"1.5.52","versionType":"custom","status":"affected","changes":[{"at":"1.5.52","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-13T00:00:00+00:00","id":"CVE-2026-0234","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xsiam:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndExcluding":"1.5.52","matchCriteriaId":"E801A883-959E-4752-8F35-EEDFD5089969"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xsoar:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndExcluding":"1.5.52","matchCriteriaId":"9E8A4503-1D45-42F8-A5BD-068BB42418CF"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0234","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-31991","sourceIdentifier":"psirt@hcl.com","published":"2026-04-13T16:16:24.110","lastModified":"2026-07-07T17:59:01.717","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit.  This vulnerability is fixed in 5.1.7."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Velocity","defaultStatus":"unaffected","versions":[{"version":"<.5.1.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-13T17:07:08.674988Z","id":"CVE-2025-31991","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:devops_velocity:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.7","matchCriteriaId":"A0B08191-79B5-4DB6-AE9B-43F5D6062A07"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130138","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33845","sourceIdentifier":"secalert@redhat.com","published":"2026-04-30T18:16:28.003","lastModified":"2026-07-07T12:16:37.817","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://gitlab.com/gnutls/gnutls","packageName":"gnutls","versions":[{"version":"0","lessThan":"3.8.13","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.8.10-4.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.8.9-9.el10_0.19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:3.3.29-9.el7_9.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream","cpe:/o:redhat:rhel_e4s:9.4::baseos"],"versions":[{"version":"0:3.8.3-4.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:3.8.3-6.el9_6.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951051","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951012","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-rocm-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"gnutls-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.8.13-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525684","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525693","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525739","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-30T18:40:18.586755Z","id":"CVE-2026-33845","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*","matchCriteriaId":"33A22858-21E1-479F-A9C4-AD2EFD059B93"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34372","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-33845","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450624","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34372","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-33845","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450624","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33845.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-33846","sourceIdentifier":"secalert@redhat.com","published":"2026-05-04T10:15:59.690","lastModified":"2026-07-07T12:16:38.380","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.8.10-4.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.8.9-9.el10_0.19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:3.3.29-9.el7_9.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream","cpe:/o:redhat:rhel_e4s:9.4::baseos"],"versions":[{"version":"0:3.8.3-4.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:3.8.3-6.el9_6.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951051","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951012","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-rocm-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"gnutls-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.8.13-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525684","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525693","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525739","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-04T12:46:44.977536Z","id":"CVE-2026-33846","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-130"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-130"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34372","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-33846","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450625","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34372","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-33846","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450625","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33846.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-43329","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-08T14:16:42.520","lastModified":"2026-07-07T12:16:47.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: strictly check for maximum number of actions\n\nThe maximum number of flowtable hardware offload actions in IPv6 is:\n\n* ethernet mangling (4 payload actions, 2 for each ethernet address)\n* SNAT (4 payload actions)\n* DNAT (4 payload actions)\n* Double VLAN (4 vlan actions, 2 for popping vlan, and 2 for pushing)\n  for QinQ.\n* Redirect (1 action)\n\nWhich makes 17, while the maximum is 16. But act_ct supports for tunnels\nactions too. Note that payload action operates at 32-bit word level, so\nmangling an IPv6 address takes 4 payload actions.\n\nUpdate flow_action_entry_next() calls to check for the maximum number of\nsupported actions.\n\nWhile at it, rise the maximum number of actions per flow from 16 to 24\nso this works fine with IPv6 setups."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nf_flow_table_offload.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"ead66c77303f760f6c30be96e2e20d5a77cef614","versionType":"git","status":"affected"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"fe9018d3e94329f1951b00805a8640bc06f56ead","versionType":"git","status":"affected"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"5382bb03e9c33b089d60788478b922a2dca284cc","versionType":"git","status":"affected"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"57c78bd2e2dd08897acd35b2bf8bcef322e36f5e","versionType":"git","status":"affected"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"504c9456699dcf4d15195ef34a0fa94a80bfc877","versionType":"git","status":"affected"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"879959a7a2be814dd57568655eafa3d8f4d0309e","versionType":"git","status":"affected"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"76522fcdbc3a02b568f5d957f7e66fc194abb893","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nf_flow_table_offload.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","versionType":"semver","status":"unaffected"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.168","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.134","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.81","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.22","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.12","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.203","matchCriteriaId":"CEB6F028-4BB7-4605-A744-94181E84FF0E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.134","matchCriteriaId":"F56F925B-BAF8-4F4B-B62F-1496AF19A307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.81","matchCriteriaId":"6EF80433-B33B-43C5-8E64-0FA7B8DCE1BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/504c9456699dcf4d15195ef34a0fa94a80bfc877","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5382bb03e9c33b089d60788478b922a2dca284cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/57c78bd2e2dd08897acd35b2bf8bcef322e36f5e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/76522fcdbc3a02b568f5d957f7e66fc194abb893","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/879959a7a2be814dd57568655eafa3d8f4d0309e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ead66c77303f760f6c30be96e2e20d5a77cef614","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fe9018d3e94329f1951b00805a8640bc06f56ead","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:23329","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26427","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26428","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27713","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30848","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33215","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33899","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33900","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34094","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34095","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35863","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35896","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-43329","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468124","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43329.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-8450","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-27T05:16:23.067","lastModified":"2026-07-07T12:17:03.940","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file().\n\nsend_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path for write or append.\n\nUntrusted input passed to send_file() can run OS commands at the daemon process UID. The read-pipe form ('cmd |') also leaks subprocess stdout into the HTTP response body. The write-mode forms can create or truncate files at attacker chosen paths."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"OALDERS","product":"HTTP::Daemon","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"HTTP-Daemon","programFiles":["lib/HTTP/Daemon.pm"],"programRoutines":[{"name":"HTTP::Daemon::ClientConn::send_file"}],"repo":"https://github.com/libwww-perl/HTTP-Daemon","versions":[{"version":"0","lessThan":"6.17","versionType":"custom","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-27T15:46:44.248133Z","id":"CVE-2026-8450","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-78"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/libwww-perl/HTTP-Daemon/commit/945d35141d94490f749640bd4390acd6a2193995.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/libwww-perl/HTTP-Daemon/pull/89","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/OALDERS/HTTP-Daemon-6.17/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/27/5","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2026/06/msg00028.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2026:36187","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36188","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36189","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-8450","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481773","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8450.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-45852","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:57.193","lastModified":"2026-07-07T12:16:51.740","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix double free in rxe_srq_from_init\n\nIn rxe_srq_from_init(), the queue pointer 'q' is assigned to\n'srq->rq.queue' before copying the SRQ number to user space.\nIf copy_to_user() fails, the function calls rxe_queue_cleanup()\nto free the queue, but leaves the now-invalid pointer in\n'srq->rq.queue'.\n\nThe caller of rxe_srq_from_init() (rxe_create_srq) eventually\ncalls rxe_srq_cleanup() upon receiving the error, which triggers\na second rxe_queue_cleanup() on the same memory, leading to a\ndouble free.\n\nThe call trace looks like this:\n   kmem_cache_free+0x.../0x...\n   rxe_queue_cleanup+0x1a/0x30 [rdma_rxe]\n   rxe_srq_cleanup+0x42/0x60 [rdma_rxe]\n   rxe_elem_release+0x31/0x70 [rdma_rxe]\n   rxe_create_srq+0x12b/0x1a0 [rdma_rxe]\n   ib_create_srq_user+0x9a/0x150 [ib_core]\n\nFix this by moving 'srq->rq.queue = q' after copy_to_user."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/sw/rxe/rxe_srq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"aae0484e15f062ad2c2502e68e15dfb8b8f84608","lessThan":"b98ab5494dbd48652561aa0b9c32f10500220745","versionType":"git","status":"affected"},{"version":"aae0484e15f062ad2c2502e68e15dfb8b8f84608","lessThan":"d493e0bfc748a520c349d6c8791b262aa5ad2e4e","versionType":"git","status":"affected"},{"version":"aae0484e15f062ad2c2502e68e15dfb8b8f84608","lessThan":"9abff51163aa1bc275ec356f74fe976291860a7f","versionType":"git","status":"affected"},{"version":"aae0484e15f062ad2c2502e68e15dfb8b8f84608","lessThan":"26793db60925df1e88a29466813d586cbc190b8c","versionType":"git","status":"affected"},{"version":"aae0484e15f062ad2c2502e68e15dfb8b8f84608","lessThan":"ce6f8e007682f378279d4cf83b240f12d52c723b","versionType":"git","status":"affected"},{"version":"aae0484e15f062ad2c2502e68e15dfb8b8f84608","lessThan":"5c07aef09a121a4cd622a71eb0753a9e135c84a8","versionType":"git","status":"affected"},{"version":"aae0484e15f062ad2c2502e68e15dfb8b8f84608","lessThan":"26a9cfe12f4ffdeaa136f252478986fa5f397ddc","versionType":"git","status":"affected"},{"version":"aae0484e15f062ad2c2502e68e15dfb8b8f84608","lessThan":"0beefd0e15d962f497aad750b2d5e9c3570b66d1","versionType":"git","status":"affected"},{"version":"350703fae672d4d649c3562c199eab5ec9dc7c79","versionType":"git","status":"affected"},{"version":"4.19.86","lessThan":"4.20","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/sw/rxe/rxe_srq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server Optional (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.86","versionEndExcluding":"5.10.259","matchCriteriaId":"39478F4C-3B38-4564-871C-85BBCB40308B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0beefd0e15d962f497aad750b2d5e9c3570b66d1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/26793db60925df1e88a29466813d586cbc190b8c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/26a9cfe12f4ffdeaa136f252478986fa5f397ddc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5c07aef09a121a4cd622a71eb0753a9e135c84a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9abff51163aa1bc275ec356f74fe976291860a7f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b98ab5494dbd48652561aa0b9c32f10500220745","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce6f8e007682f378279d4cf83b240f12d52c723b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d493e0bfc748a520c349d6c8791b262aa5ad2e4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:25120","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25121","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25217","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27713","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33899","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34094","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35844","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35863","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35896","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-45852","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482166","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45852.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46090","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.547","lastModified":"2026-07-07T12:16:52.327","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: aloop: Fix peer runtime UAF during format-change stop\n\nloopback_check_format() may stop the capture side when playback starts\nwith parameters that no longer match a running capture stream. Commit\n826af7fa62e3 (\"ALSA: aloop: Fix racy access at PCM trigger\") moved\nthe peer lookup under cable->lock, but the actual snd_pcm_stop() still\nruns after dropping that lock.\n\nA concurrent close can clear the capture entry from cable->streams[] and\ndetach or free its runtime while the playback trigger path still holds a\nstale peer substream pointer.\n\nKeep a per-cable count of in-flight peer stops before dropping\ncable->lock, and make free_cable() wait for those stops before\ndetaching the runtime. This preserves the existing behavior while\nmaking the peer runtime lifetime explicit."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["sound/drivers/aloop.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"597603d615d2b19a9e451d8cfac24372856a522d","lessThan":"83bd62fa9620ac98d5d694bde14c50f98c8e7189","versionType":"git","status":"affected"},{"version":"597603d615d2b19a9e451d8cfac24372856a522d","lessThan":"345c24b2bcf0923dfae1ab41497351c68214ff76","versionType":"git","status":"affected"},{"version":"597603d615d2b19a9e451d8cfac24372856a522d","lessThan":"03f52a9c170431e8f10e156b9dc0dae80b3e9198","versionType":"git","status":"affected"},{"version":"597603d615d2b19a9e451d8cfac24372856a522d","lessThan":"bdd9503c3d222d2735b56c7a8b4422ccf3de6e5c","versionType":"git","status":"affected"},{"version":"597603d615d2b19a9e451d8cfac24372856a522d","lessThan":"5d45e34bf001344e2966dabca1897561bbc9e913","versionType":"git","status":"affected"},{"version":"597603d615d2b19a9e451d8cfac24372856a522d","lessThan":"e5c33cdc6f402eab8abd36ecf436b22c9d3a8aff","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["sound/drivers/aloop.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.37","status":"affected"},{"version":"0","lessThan":"2.6.37","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server Optional (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-364"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.37","versionEndExcluding":"5.10.259","matchCriteriaId":"FDF693F3-8226-4C51-AFC4-6ABB2C88B2E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.12.88","matchCriteriaId":"5580C6A4-7EEF-4B93-929B-7FBDBA90F554"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/03f52a9c170431e8f10e156b9dc0dae80b3e9198","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/345c24b2bcf0923dfae1ab41497351c68214ff76","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5d45e34bf001344e2966dabca1897561bbc9e913","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83bd62fa9620ac98d5d694bde14c50f98c8e7189","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bdd9503c3d222d2735b56c7a8b4422ccf3de6e5c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e5c33cdc6f402eab8abd36ecf436b22c9d3a8aff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:27353","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27354","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30848","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33215","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33685","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33899","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33900","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34094","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34095","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34443","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35844","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35863","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35896","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-46090","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481980","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46090.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46116","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.080","lastModified":"2026-07-07T12:16:52.660","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: defensively unhash xfrm_state lists in __xfrm_state_delete\n\nKASAN reproduces a slab-use-after-free in __xfrm_state_delete()'s\nhlist_del_rcu calls under syzkaller load on linux-6.12.y stable\n(reproduced on 6.12.47, also reachable via the same code path on\ntorvalds/master and on the ipsec tree). Nine unique signatures cluster\nin the xfrm_state lifecycle, the load-bearing one being:\n\n  BUG: KASAN: slab-use-after-free in __hlist_del include/linux/list.h:990 [inline]\n  BUG: KASAN: slab-use-after-free in hlist_del_rcu include/linux/rculist.h:516 [inline]\n  BUG: KASAN: slab-use-after-free in __xfrm_state_delete net/xfrm/xfrm_state.c\n  Write of size 8 at addr ffff8881198bcb70 by task kworker/u8:9/435\n\n  Workqueue: netns cleanup_net\n  Call Trace:\n   __hlist_del / hlist_del_rcu\n   __xfrm_state_delete\n   xfrm_state_delete\n   xfrm_state_flush\n   xfrm_state_fini\n   ops_exit_list\n   cleanup_net\n\nThe other observed signatures hit the same slab object from\n__xfrm_state_lookup, xfrm_alloc_spi, __xfrm_state_insert and an OOB\nwrite variant of __xfrm_state_delete, all on the byseq/byspi\nhash chains.\n\n__xfrm_state_delete() guards its byseq and byspi unhashes with\nvalue-based predicates:\n\n\tif (x->km.seq)\n\t\thlist_del_rcu(&x->byseq);\n\tif (x->id.spi)\n\t\thlist_del_rcu(&x->byspi);\n\nwhile everywhere else in the file (e.g. state_cache, state_cache_input)\nthe safer hlist_unhashed() check is used. xfrm_alloc_spi() sets\nx->id.spi = newspi inside xfrm_state_lock and then immediately inserts\ninto byspi, but a path that observes x->id.spi != 0 outside of\nxfrm_state_lock can still skip-or-hit the byspi unhash inconsistently\nwith whether x is actually on the list. The same holds for x->km.seq\nversus byseq, and the bydst/bysrc unhashes have no predicate at all,\nso a second __xfrm_state_delete() on the same object writes through\nLIST_POISON pprev.\n\nThe defensive change here:\n\n  - Use hlist_del_init_rcu() instead of hlist_del_rcu() on bydst,\n    bysrc, byseq and byspi so a second deletion is a no-op rather\n    than a write through LIST_POISON pprev. The byseq/byspi nodes\n    are already initialised in xfrm_state_alloc().\n  - Test hlist_unhashed() rather than the value predicate for\n    byseq/byspi, so the unhash decision tracks list state rather than\n    mutable scalar fields.\n\nEmpirical verification: applied this patch on top of v6.12.47, rebuilt,\nand re-ran the same syzkaller harness for 1h16m on a previously-crashy\nconfiguration that produced ~100 hits each of slab-use-after-free\nRead in xfrm_alloc_spi / Read in __xfrm_state_lookup / Write in\n__xfrm_state_delete. After the patch, 7.1M execs across 32 VMs at\n~1550 exec/sec produced zero xfrm_state UAF/OOB hits. /proc/slabinfo\nconfirms the xfrm_state slab is actively allocated and freed during\nthe run (~143 KiB resident), so the fuzzer is still exercising those\ncode paths -- they just no longer crash.\n\nReproduction:\n\n  - Linux 6.12.47 x86_64 + KASAN_GENERIC + KASAN_INLINE + KCOV\n  - syzkaller @ 746545b8b1e4c3a128db8652b340d3df90ce61db\n  - 32 QEMU/KVM VMs x 2 vCPU on AWS c5.metal bare metal\n  - 9 unique signatures collected in ~9h, all within xfrm_state\n    lifecycle"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/xfrm/xfrm_state.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7b4dc3600e4877178ba94c7fbf7e520421378aa6","lessThan":"3943fcad7694a7d0b15aeabe7d3cc2a2eb8e92e8","versionType":"git","status":"affected"},{"version":"7b4dc3600e4877178ba94c7fbf7e520421378aa6","lessThan":"2c617848ae6e4f07a3e397f604208c293bbecacc","versionType":"git","status":"affected"},{"version":"7b4dc3600e4877178ba94c7fbf7e520421378aa6","lessThan":"b4a53add2fa8f1b5aa17d4c5686c320785fab182","versionType":"git","status":"affected"},{"version":"7b4dc3600e4877178ba94c7fbf7e520421378aa6","lessThan":"26edb0a3c99f9d958c212be68b21f1221614dcf0","versionType":"git","status":"affected"},{"version":"7b4dc3600e4877178ba94c7fbf7e520421378aa6","lessThan":"4980162de555cb838f1a189ce7d2cbf5d2e7b050","versionType":"git","status":"affected"},{"version":"7b4dc3600e4877178ba94c7fbf7e520421378aa6","lessThan":"a2e2d08fb070fab4947447171f1c4e3ca5a188e5","versionType":"git","status":"affected"},{"version":"7b4dc3600e4877178ba94c7fbf7e520421378aa6","lessThan":"14acf9652e5690de3c7486c6db5fb8dafd0a32a3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/xfrm/xfrm_state.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.19","status":"affected"},{"version":"0","lessThan":"2.6.19","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-763"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"5.15.210","matchCriteriaId":"FC04E817-5B0B-407B-8E17-92A265260B4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/14acf9652e5690de3c7486c6db5fb8dafd0a32a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/26edb0a3c99f9d958c212be68b21f1221614dcf0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2c617848ae6e4f07a3e397f604208c293bbecacc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3943fcad7694a7d0b15aeabe7d3cc2a2eb8e92e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4980162de555cb838f1a189ce7d2cbf5d2e7b050","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a2e2d08fb070fab4947447171f1c4e3ca5a188e5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b4a53add2fa8f1b5aa17d4c5686c320785fab182","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36018","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-46116","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482523","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46116.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46244","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-03T18:16:24.430","lastModified":"2026-07-07T12:16:54.287","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: Fix IPv6 inner_thoff desync\n\nIn nft_inner_parse_l2l3(), when processing inner IPv6 packets,\nipv6_find_hdr() correctly computes the transport header offset\ntraversing all extension headers, but the result is immediately\noverwritten with nhoff + sizeof(_ip6h) (40 bytes), which only\naccounts for the IPv6 base header. This creates a desync between\ninner_thoff (wrong — points to extension header start) and l4proto\n(correct — e.g., IPPROTO_TCP), enabling transport header forgery\nand potential firewall bypass. This issue affects stable versions\nfrom Linux 6.2.\n\nFor comparison, the normal (non-inner) IPv6 path correctly\npreserves ipv6_find_hdr()'s result. Removing the incorrect overwrite\nensures that ipv6_find_hdr()'s calculated transport header offset is\npreserved, thereby fixing the desynchronization."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nft_inner.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3a07327d10a09379315c844c63f27941f5081e0a","lessThan":"c161ad9157f5a0429b5ff94d9770faf3bf48d273","versionType":"git","status":"affected"},{"version":"3a07327d10a09379315c844c63f27941f5081e0a","lessThan":"870d59e2cf218e7418491e26bad768cb16654582","versionType":"git","status":"affected"},{"version":"3a07327d10a09379315c844c63f27941f5081e0a","lessThan":"689bbf48c1f45130086ae1c46ab83ea4c753c601","versionType":"git","status":"affected"},{"version":"3a07327d10a09379315c844c63f27941f5081e0a","lessThan":"d0f98a3617f6ae5b1e95cde1e68e7ead4a1279ce","versionType":"git","status":"affected"},{"version":"3a07327d10a09379315c844c63f27941f5081e0a","lessThan":"b6a91f68ebfed9c38e0e9150f58a9b85da07181c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nft_inner.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-823"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/689bbf48c1f45130086ae1c46ab83ea4c753c601","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/870d59e2cf218e7418491e26bad768cb16654582","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b6a91f68ebfed9c38e0e9150f58a9b85da07181c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c161ad9157f5a0429b5ff94d9770faf3bf48d273","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d0f98a3617f6ae5b1e95cde1e68e7ead4a1279ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:33215","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34094","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34443","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34911","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36018","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-46244","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2484451","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46244.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-7774","sourceIdentifier":"cna@python.org","published":"2026-06-04T16:16:42.103","lastModified":"2026-07-07T18:16:40.417","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process."}],"affected":[{"source":"cna@python.org","affectedData":[{"vendor":"Python Software Foundation","product":"CPython","defaultStatus":"unaffected","modules":["tarfile"],"repo":"https://github.com/python/cpython","versions":[{"version":"0","lessThan":"3.13.14","versionType":"python","status":"affected"},{"version":"3.14.0","lessThan":"3.14.6","versionType":"python","status":"affected"},{"version":"3.15.0a1","lessThan":"3.15.0b2","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@python.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T17:27:23.917872Z","id":"CVE-2026-7774","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@python.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/python/cpython/commit/0478bd83d82b255e0f29f613367a59d261e7eaa2","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/0d28f5e46e151718972dfabd91205444d0037b6d","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/10a13bee3c24f9c62b602e696334ff2272a40efc","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/578411982c16f753f4893532510099ef665117da","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/5cf47a248c35c375d610b87b2f72fd1ed454b558","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/74cca9a92fb7d653e404843a56b8bdc7b0afdbbf","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/c063191cb7f9170f9565e305f8aa2b79ab2bf609","source":"cna@python.org"},{"url":"https://github.com/python/cpython/issues/149486","source":"cna@python.org"},{"url":"https://github.com/python/cpython/pull/149487","source":"cna@python.org"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/4FU62L2M6RMMHT2QPGQNPEHHUND7CEX5/","source":"cna@python.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/04/9","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-9669","sourceIdentifier":"cna@python.org","published":"2026-06-08T23:17:25.170","lastModified":"2026-07-07T18:16:40.553","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data."}],"affected":[{"source":"cna@python.org","affectedData":[{"vendor":"Python Software Foundation","product":"CPython","defaultStatus":"unaffected","modules":["bz2"],"repo":"https://github.com/python/cpython","versions":[{"version":"0","lessThan":"3.13.14","versionType":"python","status":"affected"},{"version":"3.14.0","lessThan":"3.14.6","versionType":"python","status":"affected"},{"version":"3.15.0a1","lessThan":"3.15.0b3","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@python.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T12:23:25.378543Z","id":"CVE-2026-9669","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@python.org","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/python/cpython/commit/157a5df8cb5d82b33f918a7489e72ce95ceb12b6","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/5755d0f083949ff3c5bf3a37e673e24e306b036e","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/619a12b2e545391dc436b3af79dda22337382a6f","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/938ec030e90c5e53f1faac6fab1643f14e4f4a79","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/d3ca26983dfbccdf609f24ff5877dc3118e4702d","source":"cna@python.org"},{"url":"https://github.com/python/cpython/issues/150599","source":"cna@python.org"},{"url":"https://github.com/python/cpython/pull/150600","source":"cna@python.org"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/DBJZETMGUIFK7DVUWMOXHD3Z6IX2QPSX/","source":"cna@python.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/08/17","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-53694","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-10T16:17:17.093","lastModified":"2026-07-07T16:16:39.927","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"NoMachine","product":"NoMachine","defaultStatus":"unaffected","platforms":["Windows","Linux","MacOS","x86","ARM","64 bit","32 bit"],"versions":[{"version":"7.0.0","lessThan":"9.5.7","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThan":"8.23.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T16:08:01.328415Z","id":"CVE-2026-53694","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://kb.nomachine.com/SU05X00274","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://kb.nomachine.com/SU05X00275","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2026-0267","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-10T22:16:53.187","lastModified":"2026-07-07T15:01:21.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"GlobalProtect App","defaultStatus":"unaffected","cpes":["cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.3:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.2:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.1:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.3.0:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.8:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.7:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.6:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.4:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.3:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.2:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.1:*:*:*:*:macOS:*:*","cpe:2.3:a:palo_alto_networks:globalprotect_app:6.2.0:*:*:*:*:macOS:*:*"],"platforms":["macOS"],"versions":[{"version":"6.3.0","lessThan":"6.3.3-h1","versionType":"custom","status":"affected","changes":[{"at":"6.3.3-h1","status":"unaffected"}]},{"version":"6.2.0","lessThan":"6.2.8-h2","versionType":"custom","status":"affected","changes":[{"at":"6.2.8-h2","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"GlobalProtect App","defaultStatus":"unaffected","platforms":["Windows","Linux","iOS","Android","Chrome OS"],"versions":[{"version":"All","versionType":"custom","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"GlobalProtect UWP App","defaultStatus":"unaffected","versions":[{"version":"All","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T14:41:13.659641Z","id":"CVE-2026-0267","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.8","matchCriteriaId":"84C4C650-DBCF-488A-AD29-84347162D48B"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*","versionStartIncluding":"6.3.0","versionEndExcluding":"6.3.3","matchCriteriaId":"EFAA1A23-5A3C-48FA-8672-D8329D67A14C"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:globalprotect:6.2.8:-:*:*:*:macos:*:*","matchCriteriaId":"F781BC4A-B907-4393-A94A-D200A0BD73E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:globalprotect:6.2.8:h1:*:*:*:macos:*:*","matchCriteriaId":"77C49DC4-CC2B-46C3-9122-40B399E657A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:globalprotect:6.3.3:-:*:*:*:macos:*:*","matchCriteriaId":"47AAC03D-0E33-430D-AB58-CABCC1546285"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-8687","source":"psirt@paloaltonetworks.com","tags":["Not Applicable"]},{"url":"https://security.paloaltonetworks.com/CVE-2026-0267","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-45169","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-12T05:16:32.703","lastModified":"2026-07-07T15:22:30.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17"}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"PAM SH Vault","defaultStatus":"unaffected","versions":[{"version":"14.0","lessThan":"14.0.8","versionType":"custom","status":"affected","changes":[{"at":"14.0.8","status":"unaffected"}]},{"version":"14.2","lessThan":"14.2.7","versionType":"custom","status":"affected","changes":[{"at":"14.2.7","status":"unaffected"}]},{"version":"14.6","lessThan":"14.6.5","versionType":"custom","status":"affected","changes":[{"at":"14.6.5","status":"unaffected"}]},{"version":"15.0","lessThan":"15.0.3","versionType":"custom","status":"affected","changes":[{"at":"15.0.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T14:01:28.666641Z","id":"CVE-2026-45169","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.0.8","matchCriteriaId":"FD558079-EBB8-4EC9-AEAB-EC5692DAB048"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:*:*:*:*:*:*:*:*","versionStartIncluding":"14.2","versionEndExcluding":"14.2.7","matchCriteriaId":"0A0C5FA8-89BC-4B95-B987-985017C33141"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:*:*:*:*:*:*:*:*","versionStartIncluding":"14.6","versionEndExcluding":"14.6.5","matchCriteriaId":"90D45338-4F17-41BE-85CB-6F6CEBDE9A73"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_access_manager_vault:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndIncluding":"15.0.3","matchCriteriaId":"FC1D2F34-9AF6-4AC8-AB5B-1538D74A4C0B"}]}]}],"references":[{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-0-8.htm","source":"psirt@paloaltonetworks.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-2-7.htm","source":"psirt@paloaltonetworks.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-6-vault.htm#14.6.5","source":"psirt@paloaltonetworks.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew15-0-vault.htm#15.0.3","source":"psirt@paloaltonetworks.com","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41047","sourceIdentifier":"meissner@suse.de","published":"2026-06-22T16:16:35.133","lastModified":"2026-07-07T18:51:29.677","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Lack of authentication when using the \"snapshot diff\" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information."}],"affected":[{"source":"meissner@suse.de","affectedData":[{"vendor":"presire","product":"qSnapper","defaultStatus":"unaffected","packageName":"qsnapper","repo":"https://github.com/presire/qSnapper","versions":[{"version":"0","lessThan":"1.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:24:13.803772Z","id":"CVE-2026-41047","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"meissner@suse.de","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:presire:qsnapper:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"EDD5718C-0459-48A0-A6A8-B6C1F557DF2C"}]}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1261890","source":"meissner@suse.de","tags":["Third Party Advisory"]},{"url":"https://github.com/presire/qSnapper/releases/tag/v1.3.3","source":"meissner@suse.de","tags":["Release Notes"]},{"url":"https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-info-leak","source":"meissner@suse.de","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-41048","sourceIdentifier":"meissner@suse.de","published":"2026-06-22T16:16:35.260","lastModified":"2026-07-07T18:51:15.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like \"restore from snapshot\" even if only allowed to do \"delete snapshot\"."}],"affected":[{"source":"meissner@suse.de","affectedData":[{"vendor":"presire","product":"qSnapper","defaultStatus":"unaffected","packageName":"qsnapper","repo":"https://github.com/presire/qSnapper","versions":[{"version":"1.2.1","lessThan":"1.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:24:42.461147Z","id":"CVE-2026-41048","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"meissner@suse.de","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:presire:qsnapper:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"EDD5718C-0459-48A0-A6A8-B6C1F557DF2C"}]}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1262218","source":"meissner@suse.de","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/presire/qSnapper/releases/tag/v1.3.3","source":"meissner@suse.de","tags":["Third Party Advisory"]},{"url":"https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-auth-caching","source":"meissner@suse.de","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41523","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T23:16:30.200","lastModified":"2026-07-07T12:16:42.377","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLLM runs in Python optimized mode (python -O or PYTHONOPTIMIZE=1). This vulnerability is fixed in 0.22.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":"< 0.22.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:23:15.308986Z","id":"CVE-2026-41523","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-617"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionEndExcluding":"0.22.0","matchCriteriaId":"981922E2-F268-4829-9CDE-3A165F3808B9"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/b3c7ffcab82c2439726f8cb213800f6f38c023d3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-q8gq-377p-jq3r","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://huntr.com/bounties/dcb05b04-e625-41e7-adbc-bbae0cc2d64c","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-41523","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2491582","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41523.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-48746","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T23:16:30.490","lastModified":"2026-07-07T12:16:56.107","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing the configured VLLM_API_KEY or --api-key. This vulnerability is fixed in 0.22.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":">= 0.3.0, < 0.22.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"]},{"vendor":"Red Hat","product":"Exploit Intelligence","defaultStatus":"affected","cpes":["cpe:/a:redhat:exploit_intelligence:0"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:satellite:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:01:22.798843Z","id":"CVE-2026-48746","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-501"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.3.0","versionEndExcluding":"0.22.0","matchCriteriaId":"0D7B8DAA-6987-468A-9721-05A123DB61E3"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/pull/43426","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-94f4-hr76-p5j6","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://x41-dsec.de/lab/advisories/x41-2026-002-starlette","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:30088","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30089","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-48746","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2491581","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48746.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://x41-dsec.de/lab/advisories/x41-2026-002-starlette","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-12866","sourceIdentifier":"report@snyk.io","published":"2026-06-23T05:17:03.380","lastModified":"2026-07-07T19:16:51.120","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Because user-controlled expressions are transformed directly into executable JavaScript, attackers can escape the intended expression sandbox and run arbitrary code within the application's context."}],"affected":[{"source":"report@snyk.io","affectedData":[{"vendor":"n/a","product":"expr-eval","versions":[{"version":"0","lessThan":"*","versionType":"semver","status":"affected"}]},{"vendor":"n/a","product":"org.webjars.npm:expr-eval","versions":[{"version":"0","lessThan":"*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:06:04.423419Z","id":"CVE-2026-12866","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/silentmatt/expr-eval/blob/master/src/expression.js%23L55","source":"report@snyk.io"},{"url":"https://github.com/silentmatt/expr-eval/issues/292","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-17662018","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-EXPREVAL-15054690","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-EXPREVAL-15054690","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53133","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:30.537","lastModified":"2026-07-07T17:02:08.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umem: Fix truncation for block sizes >= 4G\n\nWhen the iommu is used the linearization of the mapping can give a single\nblock that is very large split across multiple SG entries.\n\nWhen __rdma_block_iter_next() reassembles the split SG entries it is\noverflowing the 32 bit stack values and computed the wrong DMA addresses\nfor blocks after the truncation.\n\nUse the right types to hold DMA addresses."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/core/iter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a808273a495c657e33281b181fd7fcc2bb28f662","lessThan":"2ff4b7817e5b78070c30f5fb5e678e452a2628b3","versionType":"git","status":"affected"},{"version":"a808273a495c657e33281b181fd7fcc2bb28f662","lessThan":"dee2a49adeeb2a5e16a3fc858fa21b841c519802","versionType":"git","status":"affected"},{"version":"a808273a495c657e33281b181fd7fcc2bb28f662","lessThan":"cc644d5608e3b0dadc970bd6e6aa26b91ea07d0f","versionType":"git","status":"affected"},{"version":"a808273a495c657e33281b181fd7fcc2bb28f662","lessThan":"8fe0231adebe086c8a459c790944ac026cd99c6e","versionType":"git","status":"affected"},{"version":"a808273a495c657e33281b181fd7fcc2bb28f662","lessThan":"baf8685bcf56dc1efb44b8f6a57c42516e549068","versionType":"git","status":"affected"},{"version":"a808273a495c657e33281b181fd7fcc2bb28f662","lessThan":"afd35fec9297195b759078745549c2671223f24f","versionType":"git","status":"affected"},{"version":"a808273a495c657e33281b181fd7fcc2bb28f662","lessThan":"ac1aad8e1281534ce936c250f68084fc79c5469e","versionType":"git","status":"affected"},{"version":"a808273a495c657e33281b181fd7fcc2bb28f662","lessThan":"15fe76e23615f502d051ef0768f86babaf08746c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/core/iter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.2","status":"affected"},{"version":"0","lessThan":"5.2","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-681"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.10.259","matchCriteriaId":"B1C55967-7570-414A-BAE5-4F10A6880283"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/15fe76e23615f502d051ef0768f86babaf08746c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2ff4b7817e5b78070c30f5fb5e678e452a2628b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8fe0231adebe086c8a459c790944ac026cd99c6e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ac1aad8e1281534ce936c250f68084fc79c5469e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/afd35fec9297195b759078745549c2671223f24f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/baf8685bcf56dc1efb44b8f6a57c42516e549068","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc644d5608e3b0dadc970bd6e6aa26b91ea07d0f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dee2a49adeeb2a5e16a3fc858fa21b841c519802","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53134","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:30.657","lastModified":"2026-07-07T16:59:14.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_fib: fix stale stack leak via the OIFNAME register\n\nFor NFT_FIB_RESULT_OIFNAME the destination register is declared with\nlen = IFNAMSIZ (four 32-bit registers), but on the lookup-fail,\nRTN_LOCAL and oif-mismatch paths nft_fib{4,6}_eval() only writes one\nregister via \"*dest = 0\". The remaining three registers are left as\nwhatever was on the stack in nft_do_chain()'s struct nft_regs, and a\ndownstream expression that loads the register span can leak that\nuninitialised kernel stack to userspace.\n\nThe NFTA_FIB_F_PRESENT existence check has the same shape: it is only\nmeaningful for NFT_FIB_RESULT_OIF, yet it was accepted for any result type\nwhile the eval stores a single byte via nft_reg_store8(), leaving the rest\nof the declared span stale.\n\nFix both:\n\n - replace the bare \"*dest = 0\" in the eval with nft_fib_store_result(),\n   which strscpy_pad()s the whole IFNAMSIZ for OIFNAME (and is already\n   used on the other early-return path), and\n\n - restrict NFTA_FIB_F_PRESENT to NFT_FIB_RESULT_OIF and declare its\n   destination as a single u8, so the marked span matches the one byte\n   the eval writes."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv4/netfilter/nft_fib_ipv4.c","net/ipv6/netfilter/nft_fib_ipv6.c","net/netfilter/nft_fib.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f6d0cbcf09c506b9b022df8f9d7693a7cec3c732","lessThan":"6744e49fe51bfba26522acc2d0e9703cb41d8e50","versionType":"git","status":"affected"},{"version":"f6d0cbcf09c506b9b022df8f9d7693a7cec3c732","lessThan":"eca18feed38b3377a2ec5d1f22af1170c55d0171","versionType":"git","status":"affected"},{"version":"f6d0cbcf09c506b9b022df8f9d7693a7cec3c732","lessThan":"d19ddef8c327a4773ff81f8e51027d1e0b4cf069","versionType":"git","status":"affected"},{"version":"f6d0cbcf09c506b9b022df8f9d7693a7cec3c732","lessThan":"eb8a8124484dbc3c2b543e207da39bbccb703d31","versionType":"git","status":"affected"},{"version":"f6d0cbcf09c506b9b022df8f9d7693a7cec3c732","lessThan":"8c84885e9790823828bb8084736ea15769b1ac16","versionType":"git","status":"affected"},{"version":"f6d0cbcf09c506b9b022df8f9d7693a7cec3c732","lessThan":"84d8f58cf28a0415413f43ba7148f7bacd4c1b6e","versionType":"git","status":"affected"},{"version":"f6d0cbcf09c506b9b022df8f9d7693a7cec3c732","lessThan":"3544210609f6d1db282bbdeca639104ef624c393","versionType":"git","status":"affected"},{"version":"f6d0cbcf09c506b9b022df8f9d7693a7cec3c732","lessThan":"ab185e0c4fb82dfba6fb86f8271e06f931d9c64c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv4/netfilter/nft_fib_ipv4.c","net/ipv6/netfilter/nft_fib_ipv6.c","net/netfilter/nft_fib.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.10.259","matchCriteriaId":"587D546F-CC34-4ACB-B66D-DCFB16B40A68"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3544210609f6d1db282bbdeca639104ef624c393","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6744e49fe51bfba26522acc2d0e9703cb41d8e50","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/84d8f58cf28a0415413f43ba7148f7bacd4c1b6e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8c84885e9790823828bb8084736ea15769b1ac16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab185e0c4fb82dfba6fb86f8271e06f931d9c64c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d19ddef8c327a4773ff81f8e51027d1e0b4cf069","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eb8a8124484dbc3c2b543e207da39bbccb703d31","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eca18feed38b3377a2ec5d1f22af1170c55d0171","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53135","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:30.787","lastModified":"2026-07-07T16:57:55.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs\n\n[Why & How]\ndp_sdp_message_debugfs_write() dereferences connector->base.state->crtc\nwithout checking for NULL. A connector can be connected but not bound to\nany CRTC (e.g. after hot-plug before the next atomic commit), causing a\nkernel crash when writing to the sdp_message debugfs node.\n\nThe function also ignores the user-provided size argument and always\npasses 36 bytes to copy_from_user(), reading past the user buffer when\nsize < 36.\n\nFix both issues by:\n- Returning -ENODEV when connector->base.state or state->crtc is NULL\n- Clamping write_size to min(size, sizeof(data))\n\n(cherry picked from commit 6ab4c36a522842ff70474a1c0af2e40e50fc8300)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c7ba3653e9773256b2b08508a2ed2ca28ea7566b","lessThan":"ee9cfcf77a8e8af637396dc00966df5f701e661c","versionType":"git","status":"affected"},{"version":"c7ba3653e9773256b2b08508a2ed2ca28ea7566b","lessThan":"b781f90a9528555c709e59789550893581ef0be4","versionType":"git","status":"affected"},{"version":"c7ba3653e9773256b2b08508a2ed2ca28ea7566b","lessThan":"a2de1d71891a038a9346b2c1a72b88c8350f2479","versionType":"git","status":"affected"},{"version":"c7ba3653e9773256b2b08508a2ed2ca28ea7566b","lessThan":"7fc4fab4acc307ad2903312c195872b2953d32c3","versionType":"git","status":"affected"},{"version":"c7ba3653e9773256b2b08508a2ed2ca28ea7566b","lessThan":"7ae95c0275c330b5dbae806f8e431720edad776f","versionType":"git","status":"affected"},{"version":"c7ba3653e9773256b2b08508a2ed2ca28ea7566b","lessThan":"bb6f705b73b5f191f14ad004e2c8c4b615806187","versionType":"git","status":"affected"},{"version":"c7ba3653e9773256b2b08508a2ed2ca28ea7566b","lessThan":"c90954cdea4d6998ec345de0d840d030c145b89e","versionType":"git","status":"affected"},{"version":"c7ba3653e9773256b2b08508a2ed2ca28ea7566b","lessThan":"adf67034b1f61f7119295208085bfd43f85f56af","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.2","status":"affected"},{"version":"0","lessThan":"5.2","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.10.259","matchCriteriaId":"B1C55967-7570-414A-BAE5-4F10A6880283"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7ae95c0275c330b5dbae806f8e431720edad776f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7fc4fab4acc307ad2903312c195872b2953d32c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a2de1d71891a038a9346b2c1a72b88c8350f2479","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/adf67034b1f61f7119295208085bfd43f85f56af","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b781f90a9528555c709e59789550893581ef0be4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bb6f705b73b5f191f14ad004e2c8c4b615806187","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c90954cdea4d6998ec345de0d840d030c145b89e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee9cfcf77a8e8af637396dc00966df5f701e661c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53136","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:30.910","lastModified":"2026-07-07T16:57:16.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Clamp VBIOS HDMI retimer register count to array size\n\n[Why & How]\nThe VBIOS integrated info tables (v1_11 and v2_1) contain HdmiRegNum and\nHdmi6GRegNum fields that are used as loop bounds when copying retimer I2C\nregister settings into fixed-size arrays (dp*_ext_hdmi_reg_settings[9]\nand dp*_ext_hdmi_6g_reg_settings[3]). These u8 fields are not validated\nbefore use, so a malformed VBIOS can specify values up to 255, causing an\nout-of-bounds heap write during driver probe.\n\nClamp each register count to the destination array size using min_t()\nbefore the copy loops, in both get_integrated_info_v11() and\nget_integrated_info_v2_1().\n\n(cherry picked from commit 5a7f0ef90195940c54b0f5bb85b87da55f038c69)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1e8635ea0ea370bf4f0f2b2f1b3eb61474dd962a","lessThan":"029571d51140650783be4fb98fe7cb4754752086","versionType":"git","status":"affected"},{"version":"1e8635ea0ea370bf4f0f2b2f1b3eb61474dd962a","lessThan":"5f8b39452fb16f507c9e4d8b4a83ce27e893307c","versionType":"git","status":"affected"},{"version":"1e8635ea0ea370bf4f0f2b2f1b3eb61474dd962a","lessThan":"4d1c3c26c2ab1842e139e61983395d64bd2e518b","versionType":"git","status":"affected"},{"version":"1e8635ea0ea370bf4f0f2b2f1b3eb61474dd962a","lessThan":"d6be8e59af412623e3d874be3a048406c0edfe60","versionType":"git","status":"affected"},{"version":"1e8635ea0ea370bf4f0f2b2f1b3eb61474dd962a","lessThan":"3f32d52ec604c659725d865cf8cc6a17a33f9c6a","versionType":"git","status":"affected"},{"version":"1e8635ea0ea370bf4f0f2b2f1b3eb61474dd962a","lessThan":"8aaa7e317fbd4beb9c6a9f77aa4cf52fae78b117","versionType":"git","status":"affected"},{"version":"1e8635ea0ea370bf4f0f2b2f1b3eb61474dd962a","lessThan":"fb0707ce00eef4e2d60c3020e1c0432739703e4a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.210","matchCriteriaId":"E38A9AB0-0756-40E8-860F-FF23B584A2C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/029571d51140650783be4fb98fe7cb4754752086","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3f32d52ec604c659725d865cf8cc6a17a33f9c6a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4d1c3c26c2ab1842e139e61983395d64bd2e518b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5f8b39452fb16f507c9e4d8b4a83ce27e893307c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8aaa7e317fbd4beb9c6a9f77aa4cf52fae78b117","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6be8e59af412623e3d874be3a048406c0edfe60","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb0707ce00eef4e2d60c3020e1c0432739703e4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53137","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:31.030","lastModified":"2026-07-07T16:51:48.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size\n\n[Why & How]\nDuring HDCP 2.x repeater authentication over HDMI, the driver reads the\nsink's RxStatus register and extracts a 10-bit message size field (max\nvalue 1023). This value is used as the read length for the ReceiverID\nlist without being clamped to the size of the destination buffer\nrx_id_list[177]. A malicious HDMI repeater could advertise a message\nsize larger than the buffer, causing an out-of-bounds write during the\nI2C read.\n\nClamp the read length in mod_hdcp_read_rx_id_list() to the size of the\nrx_id_list buffer, matching the approach already used in the DP branch.\n\n(cherry picked from commit 229212219e4247d9486f8ba41ef087358490be09)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"3c4444aec06c74fbc05661f370954ac814963c38","versionType":"git","status":"affected"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"91fb41218c413989d8b6c837748751454b452d68","versionType":"git","status":"affected"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"964e50ef7b8f09815a7d05b8326af700f8d5bc96","versionType":"git","status":"affected"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"79e0273272a05fb26f9b1e55bf1a52eefc3b7b35","versionType":"git","status":"affected"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"bfba882cfcd08f6540f72f48e786b6404f5d2c5b","versionType":"git","status":"affected"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"1906064d50d194a145486e5caf3db3e708b6f6ef","versionType":"git","status":"affected"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"98cfb7530ea91d8e5e928285cdce58e1131f6e83","versionType":"git","status":"affected"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"f0f3981c43b32cadfe373d636d9e9ca522bb3702","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.6","status":"affected"},{"version":"0","lessThan":"5.6","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.259","matchCriteriaId":"047C25D4-CC7B-4FD9-B441-C8E72652C2D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1906064d50d194a145486e5caf3db3e708b6f6ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3c4444aec06c74fbc05661f370954ac814963c38","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/79e0273272a05fb26f9b1e55bf1a52eefc3b7b35","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/91fb41218c413989d8b6c837748751454b452d68","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/964e50ef7b8f09815a7d05b8326af700f8d5bc96","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/98cfb7530ea91d8e5e928285cdce58e1131f6e83","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bfba882cfcd08f6540f72f48e786b6404f5d2c5b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f0f3981c43b32cadfe373d636d9e9ca522bb3702","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53138","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:31.150","lastModified":"2026-07-07T16:51:06.297","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Bound VBIOS record-chain walk loops\n\n[Why & How]\nAll record-chain walk loops in bios_parser.c and bios_parser2.c use\nfor(;;) and only terminate on a 0xFF record_type sentinel or zero\nrecord_size. A malformed VBIOS image missing the terminator record\ncauses unbounded iteration at probe time, potentially hundreds of\nthousands of iterations with record_size=1. In the final iterations\nnear the BIOS image boundary, struct casts beyond the 2-byte header\nvalidated by GET_IMAGE can also read out of bounds.\n\nCap all 14 record-chain walk loops to BIOS_MAX_NUM_RECORD (256)\niterations. The atombios.h defines up to 22 distinct record types\nand atomfirmware.h has 13. Assuming an average of less than 10\nrecords per type (which is reasonable since most are connector-\nbased) 256 is a generous upper bound.\n\n(cherry picked from commit 95700a3d660287ed657d6892f7be9ffc0e294a93)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/display/dc/bios/bios_parser.c","drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c","drivers/gpu/drm/amd/display/dc/bios/bios_parser_helper.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"e94f5323c41f32a74160378c3b19850d1f203ad5","versionType":"git","status":"affected"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"04e271a952b8863bbafc99bd51aca4c32bff0e0d","versionType":"git","status":"affected"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"6723188c42ca3b34a9fce634d7a0ecc9ccd5cd56","versionType":"git","status":"affected"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"499c6b43a79dd684bddbd18fe8b2235aa2764db4","versionType":"git","status":"affected"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"6173cfea2f916e01c4f98e29cd654384a05e32a3","versionType":"git","status":"affected"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"0e56f460bddb397fa9a8e6faf7ae7eaa86953eb1","versionType":"git","status":"affected"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"2645e3caf7e013189da9c6ff621d006cca5a538b","versionType":"git","status":"affected"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"ff287df16a1a58aca78b08d1f3ee09fc44da0351","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/display/dc/bios/bios_parser.c","drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c","drivers/gpu/drm/amd/display/dc/bios/bios_parser_helper.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","versionType":"semver","status":"unaffected"},{"version":"5.10.260","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.211","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.177","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.144","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.260","matchCriteriaId":"F1033F7E-FEFA-48D5-9319-95C116767C23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.211","matchCriteriaId":"D71C101E-388C-4A46-BD99-49049F7C5CFF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.177","matchCriteriaId":"333C9E30-7FD4-46A2-94EF-C1AA1F3EE28B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.144","matchCriteriaId":"C8AD3BC8-C843-423C-B9DB-CB52F67F578E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/04e271a952b8863bbafc99bd51aca4c32bff0e0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0e56f460bddb397fa9a8e6faf7ae7eaa86953eb1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2645e3caf7e013189da9c6ff621d006cca5a538b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/499c6b43a79dd684bddbd18fe8b2235aa2764db4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6173cfea2f916e01c4f98e29cd654384a05e32a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6723188c42ca3b34a9fce634d7a0ecc9ccd5cd56","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e94f5323c41f32a74160378c3b19850d1f203ad5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ff287df16a1a58aca78b08d1f3ee09fc44da0351","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53141","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:31.423","lastModified":"2026-07-07T16:42:12.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix global performance monitor reference counting\n\nIn the SET_GLOBAL ioctl, v3d_perfmon_find() bumps the reference count on\nthe perfmon it returns, but v3d_perfmon_set_global_ioctl() and\nv3d_perfmon_delete() fail to release that reference on several paths:\n\n  1. v3d_perfmon_set_global_ioctl() leaks the reference on its error\n     paths.\n\n  2. CLEAR_GLOBAL leaks both the find reference and the reference\n     previously stashed in v3d->global_perfmon by the SET_GLOBAL ioctl\n     that configured it.\n\n  3. Destroying a perfmon that is the current global perfmon leaks the\n     reference stashed by the SET_GLOBAL ioctl.\n\nRelease each of these references explicitly."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/v3d/v3d_perfmon.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c6eabbab359c156669e10d5dec3e71e80ff09bd2","lessThan":"3e1947573140a57119294f0bff39ee18d93f23e1","versionType":"git","status":"affected"},{"version":"c6eabbab359c156669e10d5dec3e71e80ff09bd2","lessThan":"ed2eaf3b7b1820b690e4b896d344e00027526a25","versionType":"git","status":"affected"},{"version":"c6eabbab359c156669e10d5dec3e71e80ff09bd2","lessThan":"6bf7e2affc6e62da7add393d7f352d4040f5bc27","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/v3d/v3d_perfmon.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18.36","matchCriteriaId":"F44E71B4-36C2-4FDD-9239-2EEBD641A1C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3e1947573140a57119294f0bff39ee18d93f23e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6bf7e2affc6e62da7add393d7f352d4040f5bc27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ed2eaf3b7b1820b690e4b896d344e00027526a25","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53142","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:31.513","lastModified":"2026-07-07T16:41:37.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/display: fix oops in suspend/shutdown without display\n\nThe xe driver keeps track of whether to probe display, and whether\ndisplay hardware is there, using xe->info.probe_display. It gets set to\nfalse if there's no display after intel_display_device_probe(). However,\nthe display may also be disabled via fuses, detected at a later time in\nintel_display_device_info_runtime_init().\n\nIn this case, the xe driver does for_each_intel_crtc() on uninitialized\nmode config in xe_display_flush_cleanup_work(), leading to a NULL\npointer dereference, and generally calls display code with display info\ncleared.\n\nCheck for intel_display_device_present() after\nintel_display_device_info_runtime_init(), and reset\nxe->info.probe_display as necessary. Also do unset_display_features()\nfor completeness, although display runtime init has already done\nthat. This will need to be unified across all cases later.\n\nMove intel_display_device_info_runtime_init() call slightly earlier,\nsimilar to i915, to avoid a bunch of unnecessary setup for no display\ncases.\n\nNote #1: The xe driver has no business doing low level display plumbing\nlike for_each_intel_crtc() to begin with. It all needs to happen in\ndisplay code.\n\nNote #2: The actual bug is present already in commit 44e694958b95\n(\"drm/xe/display: Implement display support\"), but the oops was likely\nintroduced later at commit ddf6492e0e50 (\"drm/xe/display: Make display\nsuspend/resume work on discrete\").\n\n(cherry picked from commit 7c3eb9f47533220888a67266448185fd0775d4da)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/xe/display/xe_display.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"44e694958b95395bd1c41508c88c8ca141bf9bd7","lessThan":"ddf1fe4c043aa42e46aef87b815d5deeed2fcd7b","versionType":"git","status":"affected"},{"version":"44e694958b95395bd1c41508c88c8ca141bf9bd7","lessThan":"0f68ddfaaebfbb5581ee931779757d31f4dc9e24","versionType":"git","status":"affected"},{"version":"44e694958b95395bd1c41508c88c8ca141bf9bd7","lessThan":"238bcdaae8f2abc65e182de7d1f69cf8f611a610","versionType":"git","status":"affected"},{"version":"44e694958b95395bd1c41508c88c8ca141bf9bd7","lessThan":"68938cc08e23a94fd881e845837ff918de005ce7","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/xe/display/xe_display.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","versionType":"semver","status":"unaffected"},{"version":"6.12.95","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.95","matchCriteriaId":"D94789D5-2D61-4B2C-920F-E9065372109D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0f68ddfaaebfbb5581ee931779757d31f4dc9e24","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/238bcdaae8f2abc65e182de7d1f69cf8f611a610","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/68938cc08e23a94fd881e845837ff918de005ce7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ddf1fe4c043aa42e46aef87b815d5deeed2fcd7b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53144","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:31.710","lastModified":"2026-07-07T16:34:47.617","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: fix NULL dereference in get_queue_ids()\n\nWhen usr_queue_id_array is NULL and num_queues is non-zero,\nget_queue_ids() returns NULL. The callers check only IS_ERR() on the\nreturn value; since IS_ERR(NULL) == false the check passes, and\nsuspend_queues() calls q_array_invalidate() which immediately\ndereferences NULL while iterating num_queues times.\n\nUserspace can trigger this via kfd_ioctl_set_debug_trap() by supplying\nnum_queues > 0 with a zero queue_array_ptr, causing a kernel panic.\n\nA NULL usr_queue_id_array with num_queues == 0 is a legitimate no-op\n(q_array_invalidate never executes, and resume_queues already guards\nall queue_ids dereferences behind a NULL check). Return ERR_PTR(-EINVAL)\nonly when num_queues is non-zero and the pointer is absent; both callers\nalready propagate IS_ERR() returns correctly to userspace.\n\n(cherry picked from commit f165a82cdf503884bb1797771c61b2fcc72113d4)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a70a93fa568b4f05aba548dadb673703eccf5480","lessThan":"62bd09e23a23da70f9aae02748eba3e6bd93095d","versionType":"git","status":"affected"},{"version":"a70a93fa568b4f05aba548dadb673703eccf5480","lessThan":"daeceb0fe2a19651c58bbfa3d9d515ecb6ca8996","versionType":"git","status":"affected"},{"version":"a70a93fa568b4f05aba548dadb673703eccf5480","lessThan":"72e259a32084c42816152c346096d2edd4213e23","versionType":"git","status":"affected"},{"version":"a70a93fa568b4f05aba548dadb673703eccf5480","lessThan":"e1965e8913cfbf17622ca12638e7a07f68ba0848","versionType":"git","status":"affected"},{"version":"a70a93fa568b4f05aba548dadb673703eccf5480","lessThan":"2bd550b547deabef98bd3b017ff743b7c34d3a6d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.143","matchCriteriaId":"0DB27922-E47A-4720-862F-288D606ABCD3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2bd550b547deabef98bd3b017ff743b7c34d3a6d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/62bd09e23a23da70f9aae02748eba3e6bd93095d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/72e259a32084c42816152c346096d2edd4213e23","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/daeceb0fe2a19651c58bbfa3d9d515ecb6ca8996","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e1965e8913cfbf17622ca12638e7a07f68ba0848","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53154","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:32.770","lastModified":"2026-07-07T20:12:41.993","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: restore reservation on error in hugetlb folio copy paths\n\nTwo sites in mm/hugetlb.c allocate a hugetlb folio via\nalloc_hugetlb_folio() (consuming a VMA reservation) and then call\ncopy_user_large_folio(), which became int-returning in commit 1cb9dc4b475c\n(\"mm: hwpoison: support recovery from HugePage copy-on-write faults\") and\ncan now fail (e.g.  -EHWPOISON on a hwpoisoned source page).  On the\nfailure path, folio_put() restores the global hugetlb pool count through\nfree_huge_folio(), but the per-VMA reservation map entry is left marked\nconsumed:\n\n  - hugetlb_mfill_atomic_pte() resubmission path (UFFDIO_COPY)\n  - copy_hugetlb_page_range() fork-time CoW path when\n    hugetlb_try_dup_anon_rmap() fails (rare: pinned hugetlb anon\n    folio under fork)\n\nUser-visible effect: on UFFDIO_COPY into a private hugetlb VMA where the\nresubmission copy fails, the reservation for that address is leaked from\nthe VMA's reserve map.  A subsequent fault at the same address takes the\nno-reservation path, and under hugetlb pool pressure the task is SIGBUSed\nat an address it had previously reserved.  The fork-time CoW path leaks\nthe same way in the child VMA's reserve map, though it requires the much\nrarer combination of pinned hugetlb anon page + hwpoisoned source.\n\nAdd the missing restore_reserve_on_error() call before folio_put() on both\nerror paths."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/hugetlb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1cb9dc4b475c7418f925ab0c97b6750007d9f52e","lessThan":"8d6e1dd3ad1340cd8b6d554b7aa93d8f0a1c6d38","versionType":"git","status":"affected"},{"version":"1cb9dc4b475c7418f925ab0c97b6750007d9f52e","lessThan":"e47bf16af3c45470ea32f2241fa69aefe0dd61bd","versionType":"git","status":"affected"},{"version":"1cb9dc4b475c7418f925ab0c97b6750007d9f52e","lessThan":"c72469ac0f274bde3f0df60a4584e14a123d0aa6","versionType":"git","status":"affected"},{"version":"1cb9dc4b475c7418f925ab0c97b6750007d9f52e","lessThan":"45e33d43243d71d089af42f5077b8213cee6610f","versionType":"git","status":"affected"},{"version":"1cb9dc4b475c7418f925ab0c97b6750007d9f52e","lessThan":"40c81856e622a9dc59294a90d169ac07ea25b0b0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/hugetlb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.4","status":"affected"},{"version":"0","lessThan":"6.4","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-772"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.143","matchCriteriaId":"BC1232CA-DA4F-4208-AB54-BDD1212D2093"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/40c81856e622a9dc59294a90d169ac07ea25b0b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/45e33d43243d71d089af42f5077b8213cee6610f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d6e1dd3ad1340cd8b6d554b7aa93d8f0a1c6d38","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c72469ac0f274bde3f0df60a4584e14a123d0aa6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e47bf16af3c45470ea32f2241fa69aefe0dd61bd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53155","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:32.877","lastModified":"2026-07-07T20:10:10.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: use correct flags for device private PMD entry\n\nCommit 65edfda6f3f2 (\"mm/rmap: extend rmap and migration support\ndevice-private entries\") updated set_pmd_migration_entry() to use\npmdp_huge_get_and_clear() in the softleaf case, but made no further\nadjustments to the function itself.\n\nTherefore this function continues to incorrectly use pmd_write(),\npmd_soft_dirty() and pmd_uffd_wp() to determine whether the installed\nmigration entry should be marked writable, softdirty or uffd-wp\nrespectively.\n\nWhilst all are incorrect, the most problematic of these is pmd_write(), as\nthis can lead to corrupted rmap state.\n\nOn x86-64 _PAGE_SWP_SOFT_DIRTY is aliased to _PAGE_RW.  So calling\npmd_write() on a softleaf will return the softdirty state encoded in the\nentry, assuming CONFIG_MEM_SOFT_DIRTY was enabled.\n\nThis was observed when running the hmm.hmm_device_private.anon_write_child\nselftest:\n\n1. The test faults in a range then migrates it such that a device-private\n   THP range is established.\n\n2. The parent then migrates it to a device-private writable PMD entry whose\n   folio is entirely AnonExclusive with entire_mapcount=1, softdirty set\n   (accidentally correct write state).\n\n3. The parent forks and the PMD entries are set to device-private read only\n   entries, entire_mapcount=2, softdirty still set.\n\n4. [BUG] The child writes to the range then migrates to RAM - intending to\n   install non-writable migration entries - but replacing parent and child\n   PMD mappings with WRITABLE entries due to misinterpreting the softdirty\n   bit.\n\n5. In remove_migration_pmd(), if !softleaf_is_migration_read(entry) we\n   set the RMAP_EXCLUSIVE flag when calling folio_add_anon_rmap_pmd() for\n   both parent and child, which are therefore AnonExclusive.\n\n6. [SPLAT] Child sets migrated folio entire_mapcount=1, parent sets\n   entire_mapcount=2 and we end up with an AnonExclusive folio with\n   entire_mapcount=2! Assert fires in __folio_add_anon_rmap():\n\n\t\tVM_WARN_ON_FOLIO(folio_test_large(folio) &&\n\t\t\t\t folio_entire_mapcount(folio) > 1 &&\n\t\t\t\t PageAnonExclusive(cur_page), folio)\n\nThis patch fixes the issue by correctly referencing the softleaf entry\nfields for writable, softdirty and uffd-wp in set_pmd_migration_entry().\n\nIt also only updates A/D flags if the entry is present as these are\notherwise not meaningful for a softleaf entry.\n\nThis patch also flips the if (!present) { ...  } else { ...  } logic in\nset_pmd_migration_entry() so it is easier to understand, and adds some\ncomments to make things clearer.\n\nI was able to bisect this to commit 775465fd26a3 (\"lib/test_hmm: add zone\ndevice private THP test infrastructure\") which first exposes this bug as\nit was the commit that permitted test_hmm to generate the test.\n\nHowever commit 65edfda6f3f2 (\"mm/rmap: extend rmap and migration support\ndevice-private entries\") is the commit that actually enabled this\nbehaviour."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/huge_memory.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"65edfda6f3f2e58f757485a056e4f1775a1404a8","lessThan":"d7251c8d3f7cea76543abac6cf4ed15582c10846","versionType":"git","status":"affected"},{"version":"65edfda6f3f2e58f757485a056e4f1775a1404a8","lessThan":"43e7f189769c512c843184a8a5892ac779a6bd90","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/huge_memory.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/43e7f189769c512c843184a8a5892ac779a6bd90","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7251c8d3f7cea76543abac6cf4ed15582c10846","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53157","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:33.073","lastModified":"2026-07-07T18:54:28.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phonet: free phonet_device after RCU grace period\n\nphonet_device_destroy() removes a phonet_device from the per-net device\nlist with list_del_rcu(), but frees it immediately. RCU readers walking\nthe same list can still hold a pointer to the object after it has been\nremoved, leading to a slab-use-after-free.\n\nUse kfree_rcu(), matching the lifetime rule already used by\nphonet_address_del() for the same object type."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/phonet/pn_dev.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"eeb74a9d45f781ec6f47b9e0a75a6a427b53f165","lessThan":"d59794337ea496042288c7c68356d9b9ca7f46a9","versionType":"git","status":"affected"},{"version":"eeb74a9d45f781ec6f47b9e0a75a6a427b53f165","lessThan":"6cd7067d6e4b0b2033ba2f918ecbd54dc2af3763","versionType":"git","status":"affected"},{"version":"eeb74a9d45f781ec6f47b9e0a75a6a427b53f165","lessThan":"2ec8011cce0cd0fc7a5068585d867fc08d508578","versionType":"git","status":"affected"},{"version":"eeb74a9d45f781ec6f47b9e0a75a6a427b53f165","lessThan":"09c9b92c2010481160245244ea8fa1d06d5d4ae0","versionType":"git","status":"affected"},{"version":"eeb74a9d45f781ec6f47b9e0a75a6a427b53f165","lessThan":"bd2ab4d800fc26814d89328d87b5f97ef6aa906a","versionType":"git","status":"affected"},{"version":"eeb74a9d45f781ec6f47b9e0a75a6a427b53f165","lessThan":"52b8f5ef82c886f7cd24617915e4b1579ddfd001","versionType":"git","status":"affected"},{"version":"eeb74a9d45f781ec6f47b9e0a75a6a427b53f165","lessThan":"bff309ea51f1395c1ef8be8b75ce62d28a319113","versionType":"git","status":"affected"},{"version":"eeb74a9d45f781ec6f47b9e0a75a6a427b53f165","lessThan":"71de0177b28da751f407581a4515cf4d762f6296","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/phonet/pn_dev.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.33","status":"affected"},{"version":"0","lessThan":"2.6.33","versionType":"semver","status":"unaffected"},{"version":"5.10.260","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.211","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.177","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.144","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.95","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.33","versionEndExcluding":"5.10.260","matchCriteriaId":"81A5D91A-3592-4338-B21E-E0947B7A1EA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.211","matchCriteriaId":"D71C101E-388C-4A46-BD99-49049F7C5CFF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.177","matchCriteriaId":"333C9E30-7FD4-46A2-94EF-C1AA1F3EE28B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.144","matchCriteriaId":"C8AD3BC8-C843-423C-B9DB-CB52F67F578E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.95","matchCriteriaId":"4E206B86-E0E3-4394-A93F-39F2D50A8AA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/09c9b92c2010481160245244ea8fa1d06d5d4ae0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2ec8011cce0cd0fc7a5068585d867fc08d508578","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52b8f5ef82c886f7cd24617915e4b1579ddfd001","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6cd7067d6e4b0b2033ba2f918ecbd54dc2af3763","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/71de0177b28da751f407581a4515cf4d762f6296","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bd2ab4d800fc26814d89328d87b5f97ef6aa906a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bff309ea51f1395c1ef8be8b75ce62d28a319113","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d59794337ea496042288c7c68356d9b9ca7f46a9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53158","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:33.160","lastModified":"2026-07-07T18:51:08.107","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix NULL pointer dereference in rpmsg callback\n\nA NULL pointer dereference was observed on Hawi at boot when the DSP\nsends a glink message before fastrpc_rpmsg_probe() has completed\ninitialization:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000178\n  pc : _raw_spin_lock_irqsave+0x34/0x8c\n  lr : fastrpc_rpmsg_callback+0x3c/0xcc [fastrpc]\n  ...\n  Call trace:\n   _raw_spin_lock_irqsave+0x34/0x8c (P)\n   fastrpc_rpmsg_callback+0x3c/0xcc [fastrpc]\n   qcom_glink_native_rx+0x538/0x6a4\n   qcom_glink_smem_intr+0x14/0x24 [qcom_glink_smem]\n\nThe faulting address 0x178 corresponds to the lock variable inside\nstruct fastrpc_channel_ctx, confirming that cctx is NULL when\nfastrpc_rpmsg_callback() attempts to take the spinlock.\n\nThere are two issues here. First, dev_set_drvdata() is called before\nspin_lock_init() and idr_init(), leaving a window where the callback\ncan retrieve a valid cctx pointer but operate on an uninitialized\nspinlock. Second, the rpmsg channel becomes live as soon as the driver\nis bound, so fastrpc_rpmsg_callback() can fire before dev_set_drvdata()\nis called at all, resulting in dev_get_drvdata() returning NULL.\n\nFix both issues by moving all cctx initialization ahead of\ndev_set_drvdata() so the structure is fully initialized before it\nbecomes visible to the callback, and add a NULL check in\nfastrpc_rpmsg_callback() as a guard against any remaining window."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/misc/fastrpc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f6f9279f2bf0e37e2f1fb119d8832b8568536a04","lessThan":"a3d91218ccca1e990bfb737b5a6da23f0afba22b","versionType":"git","status":"affected"},{"version":"f6f9279f2bf0e37e2f1fb119d8832b8568536a04","lessThan":"0d8c64511fd45690c5326f013710efcb4f73a97e","versionType":"git","status":"affected"},{"version":"f6f9279f2bf0e37e2f1fb119d8832b8568536a04","lessThan":"150bf6f1193c69252580c19d3b3cd631ddce61d7","versionType":"git","status":"affected"},{"version":"f6f9279f2bf0e37e2f1fb119d8832b8568536a04","lessThan":"8fb4a23df5b7c02929b62e5dbc270ec7c42b8134","versionType":"git","status":"affected"},{"version":"f6f9279f2bf0e37e2f1fb119d8832b8568536a04","lessThan":"4bfdf0a9855df55e9e031ca6a25b855820590c70","versionType":"git","status":"affected"},{"version":"f6f9279f2bf0e37e2f1fb119d8832b8568536a04","lessThan":"d5de9cb5355db36438edc621dde3673e3f235767","versionType":"git","status":"affected"},{"version":"f6f9279f2bf0e37e2f1fb119d8832b8568536a04","lessThan":"d77583ca33299fede0c194744ef2284e7ba5b763","versionType":"git","status":"affected"},{"version":"f6f9279f2bf0e37e2f1fb119d8832b8568536a04","lessThan":"5401fb4fe10fac6134c308495df18ed74aebb9c4","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/misc/fastrpc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.1","status":"affected"},{"version":"0","lessThan":"5.1","versionType":"semver","status":"unaffected"},{"version":"5.10.260","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.211","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.177","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.10.260","matchCriteriaId":"862EBF14-A5CD-4F76-AEAF-CD2DBB69F6CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.211","matchCriteriaId":"D71C101E-388C-4A46-BD99-49049F7C5CFF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.177","matchCriteriaId":"333C9E30-7FD4-46A2-94EF-C1AA1F3EE28B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0d8c64511fd45690c5326f013710efcb4f73a97e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/150bf6f1193c69252580c19d3b3cd631ddce61d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4bfdf0a9855df55e9e031ca6a25b855820590c70","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5401fb4fe10fac6134c308495df18ed74aebb9c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8fb4a23df5b7c02929b62e5dbc270ec7c42b8134","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a3d91218ccca1e990bfb737b5a6da23f0afba22b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d5de9cb5355db36438edc621dde3673e3f235767","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d77583ca33299fede0c194744ef2284e7ba5b763","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53159","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:33.267","lastModified":"2026-07-07T18:28:37.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix DMA address corruption due to find_vma misuse\n\nfastrpc_get_args() uses find_vma() to look up the VMA for a user-provided\npointer and compute a DMA address offset. When the address falls in a gap\nbefore the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows,\ncorrupting the DMA address sent to the DSP.\n\nReplace find_vma() with vma_lookup(), which returns NULL when the address\nis not contained within any VMA."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/misc/fastrpc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"80f3afd72bd4149c57daf852905476b43bb47647","lessThan":"d43afc412d439ffca1567e7ca8652be22f272b3b","versionType":"git","status":"affected"},{"version":"80f3afd72bd4149c57daf852905476b43bb47647","lessThan":"2d0f47e27c1fa718b29c69aa7c96a2c5161bc2c2","versionType":"git","status":"affected"},{"version":"80f3afd72bd4149c57daf852905476b43bb47647","lessThan":"708c17b52c60fe7a57e73b495bdee50f58feb48c","versionType":"git","status":"affected"},{"version":"80f3afd72bd4149c57daf852905476b43bb47647","lessThan":"d3e26df2e8eb361e6bef096b2fd565476a1f14c4","versionType":"git","status":"affected"},{"version":"80f3afd72bd4149c57daf852905476b43bb47647","lessThan":"e69e306a4cccb40a73511350cb280825a556ce3c","versionType":"git","status":"affected"},{"version":"80f3afd72bd4149c57daf852905476b43bb47647","lessThan":"53e06f8a3c2b085c31bf1284e2ebcb8036e99625","versionType":"git","status":"affected"},{"version":"80f3afd72bd4149c57daf852905476b43bb47647","lessThan":"7ba7b30ddb04646d4d638f4d8c4718a304bbbddd","versionType":"git","status":"affected"},{"version":"80f3afd72bd4149c57daf852905476b43bb47647","lessThan":"464c6ad2aa16e1e1df9d559289199356493d1e00","versionType":"git","status":"affected"},{"version":"954edc466128479872731d06f026d0e71840d153","versionType":"git","status":"affected"},{"version":"5.1.6","lessThan":"5.2","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/misc/fastrpc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.2","status":"affected"},{"version":"0","lessThan":"5.2","versionType":"semver","status":"unaffected"},{"version":"5.10.260","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1.6","versionEndExcluding":"5.10.260","matchCriteriaId":"DABC506A-31C0-4D45-BCE8-BF6AF1F6EC19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2d0f47e27c1fa718b29c69aa7c96a2c5161bc2c2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/464c6ad2aa16e1e1df9d559289199356493d1e00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/53e06f8a3c2b085c31bf1284e2ebcb8036e99625","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/708c17b52c60fe7a57e73b495bdee50f58feb48c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ba7b30ddb04646d4d638f4d8c4718a304bbbddd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3e26df2e8eb361e6bef096b2fd565476a1f14c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d43afc412d439ffca1567e7ca8652be22f272b3b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e69e306a4cccb40a73511350cb280825a556ce3c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53163","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:33.703","lastModified":"2026-07-07T18:18:53.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/rtmutex: Skip remove_waiter() when waiter is not enqueued\n\nsyzbot triggered the following splat in remove_waiter() via\nFUTEX_CMP_REQUEUE_PI:\n\n  KASAN: null-ptr-deref in range [0x0000000000000a88-0x0000000000000a8f]\n   class_raw_spinlock_constructor\n   remove_waiter+0x159/0x1200 kernel/locking/rtmutex.c:1561\n   rt_mutex_start_proxy_lock+0x103/0x120\n   futex_requeue+0x10e4/0x20d0\n   __x64_sys_futex+0x34f/0x4d0\n\ntask_blocks_on_rt_mutex() does not arm the waiter upon deadlock detection,\nleaving waiter->task nil, where 3bfdc63936dd (\"rtmutex: Use waiter::task instead\nof current in remove_waiter()\") made this fatal.\n\nFurthermore, rt_mutex_start_proxy_lock() should not be calling into remove_waiter()\nupon a successfully grabbing the rtmutex. 1a1fb985f2e2 (\"futex: Handle early deadlock\nreturn correctly\"), moved the remove_waiter() out of __rt_mutex_start_proxy_lock()\n(where 'ret' was only ever 0 or < 0) into the wrapper. Tighten this check to\naccount for try_to_take_rt_mutex()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/locking/rtmutex.c","kernel/locking/rtmutex_api.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d8cce4773c2b23d819baf5abedc62f7b430e8745","lessThan":"4afda3a1da02129568a3a2f1898aa13e6763bcba","versionType":"git","status":"affected"},{"version":"8a1fc8d698ac5e5916e3082a0f74450d71f9611f","lessThan":"6707d7e0b71748cb3cd95bad81dae5fe1b3c8f48","versionType":"git","status":"affected"},{"version":"6d52dfcb2a5db86e346cf51f8fcf2071b8085166","lessThan":"5799f9bd7fee40370b93ab1ddf001cdc7017c14d","versionType":"git","status":"affected"},{"version":"3fb7394a837740770f0d6b4b30567e60786a63f2","lessThan":"a388e3dfaf9538a680de5ed43a8ebb5dd45b6e53","versionType":"git","status":"affected"},{"version":"88614876370aac8ad1050ad785a4c095ba17ac11","lessThan":"55363fa0a04524d11efeaadee734d2db1756ed27","versionType":"git","status":"affected"},{"version":"3bfdc63936dd4773109b7b8c280c0f3b5ae7d349","lessThan":"40a25d59e85b3c8709ac2424d44f65610467871e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/locking/rtmutex.c","kernel/locking/rtmutex_api.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.1.175","lessThan":"6.1.177","versionType":"semver","status":"affected"},{"version":"6.6.140","lessThan":"6.6.144","versionType":"semver","status":"affected"},{"version":"6.12.86","lessThan":"6.12.95","versionType":"semver","status":"affected"},{"version":"6.18.27","lessThan":"6.18.36","versionType":"semver","status":"affected"},{"version":"7.0.4","lessThan":"7.0.13","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.175","versionEndExcluding":"6.1.177","matchCriteriaId":"B671F99F-A7DA-4E56-AA53-5D0F421457C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.140","versionEndExcluding":"6.6.144","matchCriteriaId":"86F30E4E-AC0B-4F7E-BD0D-8B4DFF40C8E5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.86","versionEndExcluding":"6.12.95","matchCriteriaId":"E5EF703A-D390-43B3-B446-C8E9FE7715F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.27","versionEndExcluding":"6.18.36","matchCriteriaId":"77EECC86-EF99-42BB-9E8B-BC85490BB6F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.4","versionEndExcluding":"7.0.13","matchCriteriaId":"F87AE0D1-AA9F-4A8B-9D27-A09D9695BD2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/40a25d59e85b3c8709ac2424d44f65610467871e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4afda3a1da02129568a3a2f1898aa13e6763bcba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/55363fa0a04524d11efeaadee734d2db1756ed27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5799f9bd7fee40370b93ab1ddf001cdc7017c14d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6707d7e0b71748cb3cd95bad81dae5fe1b3c8f48","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a388e3dfaf9538a680de5ed43a8ebb5dd45b6e53","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53164","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:33.800","lastModified":"2026-07-07T18:14:53.877","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/dma: Do not try to iommu_map a 0 length region in swiotlb\n\niommu_dma_iova_link_swiotlb() processes a mapping that is unaligned in three\nparts, the head, middle and trailer. If the middle is empty because there\nare no aligned pages it will call down to iommu_map() with a 0 size\nwhich the iommupt implementation will fail as illegal.\n\nIt then tries to do an error unwind and starts from the wrong spot\ncorrupting the mapping so the eventual destruction triggers a WARN_ON.\n\nCheck for 0 length and avoid mapping and use offset not 0 as the starting\npoint to unlink.\n\nThis is frequently triggered by using some kinds of thunderbolt NVMe\ndrives that trigger forced SWIOTLB for unaligned memory. NVMe seems to\npass in oddly aligned buffers for the passthrough commands from smartctl\nthat hit this condition."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iommu/dma-iommu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"433a76207dcf5facc0183acb790f6e8398585258","lessThan":"ab61c990a87d084f5565ee70340543e3a5394697","versionType":"git","status":"affected"},{"version":"433a76207dcf5facc0183acb790f6e8398585258","lessThan":"b16f8d40bac9ced838d24c9842707af9ecae92e2","versionType":"git","status":"affected"},{"version":"433a76207dcf5facc0183acb790f6e8398585258","lessThan":"6ec91df8aff77e2e8fe3179c1f3fc15b43a40ba3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iommu/dma-iommu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.36","matchCriteriaId":"C502A34A-34EF-41DB-9280-104B7360171B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6ec91df8aff77e2e8fe3179c1f3fc15b43a40ba3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab61c990a87d084f5565ee70340543e3a5394697","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b16f8d40bac9ced838d24c9842707af9ecae92e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53165","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:33.893","lastModified":"2026-07-07T18:14:02.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid potential null folio->mapping deref during error reporting\n\nWhen a buffered read fails, iomap_finish_folio_read() reports the error\nwith fserror_report_io(folio->mapping->host, ...). This is called after\nifs->read_bytes_pending has been decremented by the bytes attempted to\nbe read.\n\nFor a folio split across multiple read completions, the folio is only\nguaranteed to stay locked while read_bytes_pending > 0. Once\niomap_finish_folio_read() decrements read_bytes_pending, another\nin-flight read can complete and end the read on the folio, which unlocks\nit. This allows truncate logic to run and detach the folio (set\nfolio->mapping to NULL). The error reporting path then can dereference a\nNULL folio->mapping. As reported by Sam Sun, this is the race that can\noccur:\n\nCPU0: failed completion      CPU1: final completion     CPU2: truncate\n-----------------------      ----------------------     --------------\nread_bytes_pending -= len\nfinished = false\n/* preempted before\n   fserror_report_io() */\n\t\t\t     read_bytes_pending -= len\n\t\t\t     finished = true\n\t\t\t     folio_end_read()\n\t\t\t\t\t\t\ttruncate clears\n\t\t\t\t\t\t\tfolio->mapping\nfserror_report_io(\n  folio->mapping->host, ...)\n\t      ^ NULL deref\n\nFix this by reporting the error first before decrementing\nifs->read_bytes_pending."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/iomap/buffered-io.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a9d573ee88af980f14fdadb5c12bbf6a195fb3f1","lessThan":"1ad453817a4077230d1ba88eb0868f05f824449a","versionType":"git","status":"affected"},{"version":"a9d573ee88af980f14fdadb5c12bbf6a195fb3f1","lessThan":"2eea7f44b9c8b42fd7d3a1a87c06a7cd1b99c327","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/iomap/buffered-io.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndExcluding":"7.0.13","matchCriteriaId":"A6A85CDC-815A-4808-8C81-4703E7947CC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1ad453817a4077230d1ba88eb0868f05f824449a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2eea7f44b9c8b42fd7d3a1a87c06a7cd1b99c327","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53232","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.107","lastModified":"2026-07-07T18:07:58.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clean the sfp upstream if phy probing fails\n\nSashiko reported that we don't call sfp_bus_del_upstream() in the probe\nfailure path, so let's add it, otherwise the sfp-bus is left with a\ndangling 'upstream' field, that may be used later on during SFP events.\n\nThis issue existed before the generic phylib sfp support, back when\ndrivers were calling phy_sfp_probe themselves."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/phy/phy_device.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"298e54fa810e027f1b0800d789eb862592721f08","lessThan":"48774e87bbaa0056819d4b52301e4692e50e3252","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/phy/phy_device.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"7.1","matchCriteriaId":"6F0D8DAC-6E14-4C87-8E08-01985E0990CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/48774e87bbaa0056819d4b52301e4692e50e3252","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-48933","sourceIdentifier":"support@hackerone.com","published":"2026-06-26T02:16:52.833","lastModified":"2026-07-07T12:16:56.600","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"},{"version":"26.3.0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T15:05:58.547904Z","id":"CVE-2026-48933","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*","matchCriteriaId":"3C0C5080-5F99-4651-9855-2DE03C9070C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*","matchCriteriaId":"3B912C84-1AA5-4D74-AB1A-64162C80A33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*","matchCriteriaId":"8152ACE6-3CAF-4CA0-8B19-D4753811EB44"}]}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:28727","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29012","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30172","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35841","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35842","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35891","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35892","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7378","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:9455","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-48933","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2493331","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48933.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-13573","sourceIdentifier":"cna@vuldb.com","published":"2026-06-29T15:16:38.687","lastModified":"2026-07-07T15:16:42.540","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The presence of this vulnerability remains uncertain at this time. The LLVM project explains, that the reported behavior is outside its documented security scope and therefore not considered a security vulnerability."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"llvm","product":"llvm-project","cpes":["cpe:2.3:a:llvm:llvm-project:*:*:*:*:*:*:*:*"],"modules":["ValueSymbolTable Module"],"versions":[{"version":"22.1.0","status":"affected"},{"version":"22.1.1","status":"affected"},{"version":"22.1.2","status":"affected"},{"version":"22.1.3","status":"affected"},{"version":"22.1.4","status":"affected"},{"version":"22.1.5","status":"affected"},{"version":"22.1.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-29T15:23:01.490159Z","id":"CVE-2026-13573","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/llvm/llvm-project/","source":"cna@vuldb.com"},{"url":"https://github.com/llvm/llvm-project/issues/199187","source":"cna@vuldb.com"},{"url":"https://github.com/user-attachments/files/28141697/poc.zip","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-13573","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844457","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/374581","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/374581/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-13574","sourceIdentifier":"cna@vuldb.com","published":"2026-06-29T15:16:38.857","lastModified":"2026-07-07T15:16:42.707","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. There are still doubts about whether this vulnerability truly exists. The LLVM project explains, that the reported behavior is outside its documented security scope and therefore not considered a security vulnerability."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"llvm","product":"llvm-project","cpes":["cpe:2.3:a:llvm:llvm-project:*:*:*:*:*:*:*:*"],"modules":["Bitcode File Handler"],"versions":[{"version":"22.1.0","status":"affected"},{"version":"22.1.1","status":"affected"},{"version":"22.1.2","status":"affected"},{"version":"22.1.3","status":"affected"},{"version":"22.1.4","status":"affected"},{"version":"22.1.5","status":"affected"},{"version":"22.1.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-01T14:03:05.481009Z","id":"CVE-2026-13574","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/llvm/llvm-project/","source":"cna@vuldb.com"},{"url":"https://github.com/llvm/llvm-project/issues/199191","source":"cna@vuldb.com"},{"url":"https://github.com/user-attachments/files/28142619/poc.zip","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-13574","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844468","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/374582","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/374582/cti","source":"cna@vuldb.com"},{"url":"https://github.com/llvm/llvm-project/issues/199191","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58521","sourceIdentifier":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","published":"2026-07-01T18:16:36.107","lastModified":"2026-07-07T18:40:36.247","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection.\n\nThis issue affects Mediawiki - Cargo Extension: from * before 1.43.9,1.44.6,1.45.4."}],"affected":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","affectedData":[{"vendor":"The Wikimedia Foundation","product":"Mediawiki - Cargo Extension","defaultStatus":"unaffected","versions":[{"version":"*","lessThan":"1.43.9,1.44.6,1.45.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-01T17:57:51.606026Z","id":"CVE-2026-58521","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:cargo:*:*:*:*:*:mediawiki:*:*","versionEndExcluding":"3.9.1","matchCriteriaId":"6EBCE1E7-BC43-44E6-BE47-F0BC8FC91966"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionEndExcluding":"1.43.9","matchCriteriaId":"330657E1-3C26-4064-9B9E-5F3C5A72E3FD"},{"vulnerable":false,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.44.0","versionEndExcluding":"1.44.6","matchCriteriaId":"8F0FD7F7-0D82-4E68-91D8-0ADAE54CB8C5"},{"vulnerable":false,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.45.0","versionEndExcluding":"1.45.4","matchCriteriaId":"439E39DA-8BB7-4AF7-9F42-E334A9B4AD3E"}]}]}],"references":[{"url":"https://gerrit.wikimedia.org/r/c/1298854","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Issue Tracking"]},{"url":"https://phabricator.wikimedia.org/T428274","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Patch","Vendor Advisory"]},{"url":"https://phabricator.wikimedia.org/T428274","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14363","sourceIdentifier":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","published":"2026-07-01T20:17:08.330","lastModified":"2026-07-07T18:38:04.320","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection.\n\nThis issue affects Mediawiki - Cargo Extension: from * before 1.43.9,1.44.6,1.45.4."}],"affected":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","affectedData":[{"vendor":"The Wikimedia Foundation","product":"Mediawiki - Cargo Extension","defaultStatus":"unaffected","versions":[{"version":"*","lessThan":"1.43.9,1.44.6,1.45.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T13:10:13.552599Z","id":"CVE-2026-14363","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:cargo:*:*:*:*:*:mediawiki:*:*","versionEndExcluding":"3.9.1","matchCriteriaId":"6EBCE1E7-BC43-44E6-BE47-F0BC8FC91966"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionEndExcluding":"1.43.9","matchCriteriaId":"330657E1-3C26-4064-9B9E-5F3C5A72E3FD"},{"vulnerable":false,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.44.0","versionEndExcluding":"1.44.6","matchCriteriaId":"8F0FD7F7-0D82-4E68-91D8-0ADAE54CB8C5"},{"vulnerable":false,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.45.0","versionEndExcluding":"1.45.4","matchCriteriaId":"439E39DA-8BB7-4AF7-9F42-E334A9B4AD3E"}]}]}],"references":[{"url":"https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1269701","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Issue Tracking"]},{"url":"https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/1279498","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Issue Tracking"]},{"url":"https://phabricator.wikimedia.org/T422774","source":"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc","tags":["Third Party Advisory"]},{"url":"https://phabricator.wikimedia.org/T422774","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-58593","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-01T20:17:11.750","lastModified":"2026-07-07T13:16:32.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedTo is used directly as a uid, and actors.assert silently ignores numeric identifiers (filtering them out without re-deriving the uid), so a federated remote actor can set attributedTo to a bare numeric value such as 1 and have the resulting post or private message created with that local uid as author, including the administrator account. This lets a remote attacker forge posts and direct messages attributed to arbitrary local users. Requires the ActivityPub/federation feature to be enabled."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"NodeBB","product":"NodeBB","defaultStatus":"affected","versions":[{"version":"4.13.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T15:08:35.864075Z","id":"CVE-2026-58593","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*","versionEndIncluding":"4.13.2","matchCriteriaId":"C2E78322-362C-4F8A-9BFF-7AC22A4C687E"}]}]}],"references":[{"url":"https://github.com/NodeBB/NodeBB/blob/v4.13.2/src/activitypub/mocks.js","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/bikini/exploitarium/tree/main/nodebb-activitypub-attributedto-local-uid-spoof-poc","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/nodebb-activitypub-author-spoofing-via-unvalidated-attributedto-mapped-to-local-user","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54408","sourceIdentifier":"support@hackerone.com","published":"2026-07-02T15:17:04.523","lastModified":"2026-07-07T16:33:15.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Ubiquiti Inc","product":"UniFi Protect Application","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.83","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T16:08:19.674522Z","id":"CVE-2026-54408","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ui:unifi_protect:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1.83","matchCriteriaId":"CCB52AC4-8FD0-49B7-A3C2-42BB928906BB"}]}]}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54409","sourceIdentifier":"support@hackerone.com","published":"2026-07-02T15:17:04.627","lastModified":"2026-07-07T16:34:31.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Ubiquiti Inc","product":"UniFi Protect Application","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.83","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T16:09:56.430776Z","id":"CVE-2026-54409","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-665"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ui:unifi_protect:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1.83","matchCriteriaId":"CCB52AC4-8FD0-49B7-A3C2-42BB928906BB"}]}]}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55115","sourceIdentifier":"support@hackerone.com","published":"2026-07-02T15:17:05.513","lastModified":"2026-07-07T16:36:26.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Ubiquiti Inc","product":"UniFi Protect Application","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.83","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T15:41:27.696866Z","id":"CVE-2026-55115","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ui:unifi_protect:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1.83","matchCriteriaId":"CCB52AC4-8FD0-49B7-A3C2-42BB928906BB"}]}]}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9272","sourceIdentifier":"security@progress.com","published":"2026-07-02T15:17:11.937","lastModified":"2026-07-07T16:37:11.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send specially crafted requests that could result in unauthorized access to application data and its modification."}],"affected":[{"source":"security@progress.com","affectedData":[{"vendor":"Progress Software","product":"Flowmon ADS","defaultStatus":"affected","versions":[{"version":"Flowmon ADS 12 versions prior to 12.5.6","versionType":"custom","status":"affected"},{"version":"Flowmon ADS 13 versions prior to 13.0.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T00:00:00+00:00","id":"CVE-2026-9272","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:flowmon_anomaly_detection_system:*:*:*:*:*:*:*:*","versionStartIncluding":"12.5.0","versionEndExcluding":"12.5.6","matchCriteriaId":"60D0F762-0F40-4B9A-A149-497183BB45DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:flowmon_anomaly_detection_system:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0.0","versionEndExcluding":"13.0.5","matchCriteriaId":"9B087230-F276-4512-8098-77C8587E0C63"}]}]}],"references":[{"url":"https://community.progress.com/s/article/Flowmon-CVE-2026-9272","source":"security@progress.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44941","sourceIdentifier":"meissner@suse.de","published":"2026-07-02T16:16:30.550","lastModified":"2026-07-07T17:27:50.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A relative path traversal in the \"keyhint\" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root."}],"affected":[{"source":"meissner@suse.de","affectedData":[{"vendor":"SUSE","product":"libzypp","defaultStatus":"unaffected","packageName":"libzypp","repo":"https://github.com/openSUSE/libzypp/","versions":[{"version":"0","lessThan":"17.38.12","versionType":"rpm","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.7,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-03T03:56:15.064595Z","id":"CVE-2026-44941","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"meissner@suse.de","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opensuse:libzypp:*:*:*:*:*:*:*:*","versionEndExcluding":"17.38.12","matchCriteriaId":"9BBF2953-1544-41D0-8CB2-059C0EF29A14"}]}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1267426","source":"meissner@suse.de","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/openSUSE/libzypp/commit/294b1bad442d089ca671c5c03adc8031e3b29e04","source":"meissner@suse.de","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53422","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-02T17:17:01.473","lastModified":"2026-07-07T14:56:32.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Observable Response Discrepancy vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory.\n\nThe SSH_FXP_REALPATH handler in ssh_sftpd calls relate_file_name/3 with Canonicalize=false, unlike every other SFTP operation handler. This allows .. components in the requested path to bypass the is_within_root/2 check without being resolved. The un-canonicalized path then enters resolve_symlinks/2, which walks up the directory tree above the configured root and issues read_link() syscalls on arbitrary filesystem paths.\n\nAn authenticated SFTP client can exploit this by sending a REALPATH request with a crafted traversal path. The server response differs depending on whether the target path exists on the host filesystem (SSH_FXP_NAME when the path resolves successfully, SSH_FX_NO_SUCH_FILE when it does not). This creates a path-existence oracle that an attacker can use to enumerate the filesystem structure outside the configured root, including the existence of sensitive files, directories, and mount points.\n\nThe vulnerability leaks only the existence of paths. No file contents, credentials, or write access are obtainable through this issue alone. The information gained may assist further attacks when combined with other vulnerabilities.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routine ssh_sftpd:handle_op/4.\n\nThis issue affects OTP from OTP 17.0 until OTP 29.0.3, 28.5.0.3, and 27.3.4.14 corresponding to ssh from 3.0.1 until 6.0.2, 5.5.2.2, and 5.2.11.9."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","packageName":"ssh","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["ssh_sftpd"],"programFiles":["src/ssh_sftpd.erl"],"programRoutines":[{"name":"ssh_sftpd:handle_op/4"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:otp/ssh?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git","versions":[{"version":"3.0.1","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"6.0.2","status":"unaffected"},{"at":"5.5.2.2","status":"unaffected"},{"at":"5.2.11.9","status":"unaffected"}]}]},{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"erlang/otp","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["ssh_sftpd"],"programFiles":["lib/ssh/src/ssh_sftpd.erl"],"programRoutines":[{"name":"ssh_sftpd:handle_op/4"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:github/erlang/otp","versions":[{"version":"17.0","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"29.0.3","status":"unaffected"},{"at":"28.5.0.3","status":"unaffected"},{"at":"27.3.4.14","status":"unaffected"}]},{"version":"84adefa331c4159d432d22840663c38f155cd4c1","lessThan":"*","versionType":"git","status":"affected","changes":[{"at":"059e5785ef8c1d423820ca633fb7b37f47645172","status":"unaffected"},{"at":"86622cfaacf57a02c7645d1999f946846b504c94","status":"unaffected"},{"at":"c5a8f50ae68888ff243c5c741a06d2b3a4b48b7a","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T17:29:13.490797Z","id":"CVE-2026-53422","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-204"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndExcluding":"27.3.4.14","matchCriteriaId":"863CA902-6EB1-46CB-BC52-22F3AC6B4A14"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"28.0","versionEndExcluding":"28.5.0.3","matchCriteriaId":"230E3EE3-6A18-4848-8E3D-DB0FAA8EDFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"29.0","versionEndExcluding":"29.0.3","matchCriteriaId":"5D2D0C24-E302-48BF-9550-CCC7ABA24BED"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.1","versionEndExcluding":"5.2.11.9","matchCriteriaId":"95A15E38-CAD2-4125-8BE5-459E49DFC7A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.5.2.2","matchCriteriaId":"DB94AEFD-9387-4C22-B323-D0E5CB5D0E75"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.0.2","matchCriteriaId":"4304282D-4C02-4CE4-AB77-476A763C1F69"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-53422.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/erlang/otp/commit/059e5785ef8c1d423820ca633fb7b37f47645172","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/commit/86622cfaacf57a02c7645d1999f946846b504c94","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/commit/c5a8f50ae68888ff243c5c741a06d2b3a4b48b7a","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-h9pw-h5w4-h976","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Mitigation","Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-53422","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Mitigation","Third Party Advisory"]},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-54886","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-02T17:17:02.387","lastModified":"2026-07-07T14:53:35.410","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently unresponsive.\n\nThe handle_data/4 function in ssh_sftpd contains a catch-all clause that accepts channel data of any type. When channel data with a non-zero type code (SSH_MSG_CHANNEL_EXTENDED_DATA) arrives with an empty pending buffer and a payload at or below the SFTP packet size limit, the clause tail-calls itself with identical arguments, creating an infinite loop.\n\nThe SFTP protocol operates exclusively on normal channel data (type 0). Extended data (non-zero type) is meaningless for SFTP and is never sent by conforming clients. However, the SSH protocol permits any channel participant to send extended data on an open channel, so an authenticated SFTP client can trigger the loop by sending SSH_MSG_CHANNEL_EXTENDED_DATA with any data_type_code and any non-empty payload at or below the size limit.\n\nThe targeted ssh_sftpd process enters an infinite tail-recursive loop. It never processes another message, its message queue grows without bound, and it can only be stopped by killing the process. BEAM's reduction-based scheduler preemption continues to function, so other processes on the node are not starved, but each stuck channel process consumes its full CPU time share continuously and accumulates unbounded message queue memory. Opening many channels amplifies the CPU and memory impact.\n\nErlang/OTP SSH configurations using the default max_channels setting (infinity) allow an authenticated user to open unlimited channels per connection, amplifying the attack without requiring multiple TCP connections or authentications.\n\nNo file contents, credentials, or write access are obtainable through this issue. The impact is limited to denial of service on targeted SFTP channels, with secondary CPU degradation and memory growth.\n\nThis vulnerability is associated with program file lib/ssh/src/ssh_sftpd.erl and program routine ssh_sftpd:handle_data/4.\n\nThis issue affects OTP from OTP 17.0 until OTP 29.0.3, 28.5.0.3, and 27.3.4.14 corresponding to ssh from 3.0.1 until 6.0.2, 5.5.2.2, and 5.2.11.9."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","packageName":"ssh","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["ssh_sftpd"],"programFiles":["src/ssh_sftpd.erl"],"programRoutines":[{"name":"ssh_sftpd:handle_data/4"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:otp/ssh?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git","versions":[{"version":"3.0.1","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"6.0.2","status":"unaffected"},{"at":"5.5.2.2","status":"unaffected"},{"at":"5.2.11.9","status":"unaffected"}]}]},{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"erlang/otp","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["ssh_sftpd"],"programFiles":["lib/ssh/src/ssh_sftpd.erl"],"programRoutines":[{"name":"ssh_sftpd:handle_data/4"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:github/erlang/otp","versions":[{"version":"17.0","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"29.0.3","status":"unaffected"},{"at":"28.5.0.3","status":"unaffected"},{"at":"27.3.4.14","status":"unaffected"}]},{"version":"84adefa3318eef8631bf25cd233246a86eea18cd","lessThan":"eaf9550b8ad4738b81149d3f617102d980c6dd18","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T17:27:25.414155Z","id":"CVE-2026-54886","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndExcluding":"27.3.4.14","matchCriteriaId":"863CA902-6EB1-46CB-BC52-22F3AC6B4A14"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"28.0","versionEndExcluding":"28.5.0.3","matchCriteriaId":"230E3EE3-6A18-4848-8E3D-DB0FAA8EDFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"29.0","versionEndExcluding":"29.0.3","matchCriteriaId":"5D2D0C24-E302-48BF-9550-CCC7ABA24BED"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.1","versionEndExcluding":"5.2.11.9","matchCriteriaId":"95A15E38-CAD2-4125-8BE5-459E49DFC7A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.5.2.2","matchCriteriaId":"DB94AEFD-9387-4C22-B323-D0E5CB5D0E75"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.0.2","matchCriteriaId":"4304282D-4C02-4CE4-AB77-476A763C1F69"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-54886.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/erlang/otp/commit/eaf9550b8ad4738b81149d3f617102d980c6dd18","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-7wp4-pc27-2vj9","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Mitigation","Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-54886","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Mitigation","Third Party Advisory"]},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-54887","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-02T17:17:02.570","lastModified":"2026-07-07T14:52:32.123","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass.\n\nOn DTLS server startup, dtls_server_connection:initial_hello/3 initializes previous_cookie_secret to the empty binary (<<>>) instead of a random value. Because HMAC with an empty key is deterministic, anyone who observes the plaintext ClientHello can compute dtls_handshake:cookie(<<>>, IP, Port, Hello) and forge a valid DTLS cookie before the first rotation of the cookie secret. The DTLS cookie (RFC 6347 §4.2.1) is a denial-of-service mitigation that prevents spoofed source IPs from forcing the server to allocate state and perform expensive cryptographic operations; it is not an authentication mechanism. During the window from server startup until the first secret rotation (0 to 15 seconds), an attacker who can observe the plaintext ClientHello can bypass the source address verification, enabling DTLS handshake amplification with spoofed source addresses.\n\nThis vulnerability is associated with program file lib/ssl/src/dtls_server_connection.erl and program routine dtls_server_connection:initial_hello/3.\n\nThis issue affects OTP from OTP 20.0 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 8.2 before 11.7.3, 11.6.0.3 and 11.2.12.10."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","packageName":"ssl","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["dtls_server_connection"],"programFiles":["src/dtls_server_connection.erl"],"programRoutines":[{"name":"dtls_server_connection:initial_hello/3"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:otp/ssl?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git","versions":[{"version":"8.2","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"11.7.3","status":"unaffected"},{"at":"11.6.0.3","status":"unaffected"},{"at":"11.2.12.10","status":"unaffected"}]}]},{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"erlang/otp","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["dtls_server_connection"],"programFiles":["lib/ssl/src/dtls_server_connection.erl"],"programRoutines":[{"name":"dtls_server_connection:initial_hello/3"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:github/erlang/otp","versions":[{"version":"20.0","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"29.0.3","status":"unaffected"},{"at":"28.5.0.3","status":"unaffected"},{"at":"27.3.4.14","status":"unaffected"}]},{"version":"e594aad2f87aab39e99fccf9e021bc94e0bbf7d4","lessThan":"888e3bcd72d5406016b9e0de741026bc2a6f114d","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T17:28:36.936306Z","id":"CVE-2026-54887","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-1394"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"20.0","versionEndExcluding":"27.3.4.14","matchCriteriaId":"9518F36D-1DBF-4D55-8FF3-FB98F16B46F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"28.0","versionEndExcluding":"28.5.0.3","matchCriteriaId":"230E3EE3-6A18-4848-8E3D-DB0FAA8EDFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"29.0","versionEndExcluding":"29.0.3","matchCriteriaId":"5D2D0C24-E302-48BF-9550-CCC7ABA24BED"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2","versionEndExcluding":"11.2.12.10","matchCriteriaId":"8BC761D4-709A-4B2B-92E6-6B6E8B98E5B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3","versionEndExcluding":"11.6.0.3","matchCriteriaId":"670E1622-32D4-45D0-A05E-9A3F76CC0F15"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7","versionEndExcluding":"11.7.3","matchCriteriaId":"217D7CA5-49E9-4805-A2F6-32EC75F6EE91"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-54887.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://github.com/erlang/otp/commit/888e3bcd72d5406016b9e0de741026bc2a6f114d","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-p2m2-3c2w-8jp8","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-54887","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-54891","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-02T17:17:02.747","lastModified":"2026-07-07T14:46:21.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl (tls_gen_connection module) allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data.\n\nThe function tls_gen_connection:handle_protocol_record/3 rejects APPLICATION_DATA records that arrive in pre-handshake states when the TLS endpoint acts as a server, but does not apply the same check when the endpoint acts as a client. A network-positioned attacker can send plaintext APPLICATION_DATA records to the client during the handshake. The records are buffered and, once the handshake completes successfully, delivered to the application as if they were authenticated post-handshake data. The attacker cannot observe the client's response or steer the connection, so the impact is limited to blind injection of unauthenticated bytes. The injection window is wider for TLS versions prior to TLS 1.3 than for TLS 1.3.\n\nThis vulnerability is associated with program file lib/ssl/src/tls_gen_connection.erl.\n\nThis issue affects OTP from OTP 17.0 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 5.3.4 before 11.7.3, 11.6.0.3 and 11.2.12.10. TLS 1.3 is affected starting with OTP 22.0, when TLS 1.3 support was added."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","packageName":"ssl","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["tls_gen_connection"],"programFiles":["src/tls_gen_connection.erl"],"programRoutines":[{"name":"tls_gen_connection:handle_protocol_record/3"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:otp/ssl?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git","versions":[{"version":"5.3.4","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"11.7.3","status":"unaffected"},{"at":"11.6.0.3","status":"unaffected"},{"at":"11.2.12.10","status":"unaffected"}]}]},{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"erlang/otp","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["tls_gen_connection"],"programFiles":["lib/ssl/src/tls_gen_connection.erl"],"programRoutines":[{"name":"tls_gen_connection:handle_protocol_record/3"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:github/erlang/otp","versions":[{"version":"17.0","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"29.0.3","status":"unaffected"},{"at":"28.5.0.3","status":"unaffected"},{"at":"27.3.4.14","status":"unaffected"}]},{"version":"84adefa331c4159d432d22840663c38f155cd4c1","lessThan":"07d2d0e93f6aaf7652a81e8df075fc1728da5e96","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T17:24:44.468465Z","id":"CVE-2026-54891","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-924"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndExcluding":"27.3.4.14","matchCriteriaId":"863CA902-6EB1-46CB-BC52-22F3AC6B4A14"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"28.0","versionEndExcluding":"28.5.0.3","matchCriteriaId":"230E3EE3-6A18-4848-8E3D-DB0FAA8EDFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"29.0","versionEndExcluding":"29.0.3","matchCriteriaId":"5D2D0C24-E302-48BF-9550-CCC7ABA24BED"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.4","versionEndExcluding":"11.2.12.10","matchCriteriaId":"FF4A7DEF-7E28-4DDF-A40F-45AB902AB04F"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3","versionEndExcluding":"11.6.0.3","matchCriteriaId":"670E1622-32D4-45D0-A05E-9A3F76CC0F15"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7","versionEndExcluding":"11.7.3","matchCriteriaId":"217D7CA5-49E9-4805-A2F6-32EC75F6EE91"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-54891.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://github.com/erlang/otp/commit/07d2d0e93f6aaf7652a81e8df075fc1728da5e96","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-gf6r-99xw-6qg6","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-54891","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-55950","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-02T17:17:02.910","lastModified":"2026-07-07T14:45:59.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener.\n\nA DTLS server listener uses a single shared dtls_packet_demux gen_server process to route incoming UDP datagrams to the correct connection handler. When a DTLS client reconnects rapidly from the same source address and port (sending multiple ClientHello messages in quick succession), a race condition in the demux's internal gb_trees key-value store causes a {key_exists, {old, Client}} crash, terminating the demux process. Because the demux is shared across all DTLS associations on that listener, its crash immediately kills every active DTLS session, not just the attacker's.\n\nThe attack is pre-authentication: the attacker only needs to send UDP datagrams containing valid ClientHello messages from the same source IP and port before the intermediate DOWN monitor message is processed by the gen_server. No credentials, no completed handshake, and no special configuration are required, and the crash can be repeated indefinitely to create a persistent denial of service for all clients of that listener.\n\nThis vulnerability is associated with program file lib/ssl/src/dtls_packet_demux.erl.\n\nThis issue affects OTP from OTP 25.3 before 29.0.3, 28.5.0.3, and 27.3.4.14 corresponding to ssl from 10.9 before 11.7.3, 11.6.0.3, and 11.2.12.10."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","packageName":"ssl","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["dtls_packet_demux"],"programFiles":["src/dtls_packet_demux.erl"],"programRoutines":[{"name":"dtls_packet_demux:handle_call/3"},{"name":"dtls_packet_demux:handle_info/2"},{"name":"dtls_packet_demux:new_connection/2"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:otp/ssl?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git","versions":[{"version":"10.9","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"11.7.3","status":"unaffected"},{"at":"11.6.0.3","status":"unaffected"},{"at":"11.2.12.10","status":"unaffected"}]}]},{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"erlang/otp","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["dtls_packet_demux"],"programFiles":["lib/ssl/src/dtls_packet_demux.erl"],"programRoutines":[{"name":"dtls_packet_demux:handle_call/3"},{"name":"dtls_packet_demux:handle_info/2"},{"name":"dtls_packet_demux:new_connection/2"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:github/erlang/otp","versions":[{"version":"25.3","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"29.0.3","status":"unaffected"},{"at":"28.5.0.3","status":"unaffected"},{"at":"27.3.4.14","status":"unaffected"}]},{"version":"44dcb4c3d900777493ce2a6129f451aa475811f9","lessThan":"e44d2bf01c4473ef2ea7f09e3523cf96de6e4a04","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T17:25:47.169172Z","id":"CVE-2026-55950","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"25.3","versionEndExcluding":"27.3.4.14","matchCriteriaId":"6C582A53-04F6-4606-9FC5-191C948E4890"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"28.0","versionEndExcluding":"28.5.0.3","matchCriteriaId":"230E3EE3-6A18-4848-8E3D-DB0FAA8EDFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"29.0","versionEndExcluding":"29.0.3","matchCriteriaId":"5D2D0C24-E302-48BF-9550-CCC7ABA24BED"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"10.9","versionEndExcluding":"11.2.12.10","matchCriteriaId":"B28E54A4-DCFD-4B62-A526-8A3EEE07B3F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3","versionEndExcluding":"11.6.0.3","matchCriteriaId":"670E1622-32D4-45D0-A05E-9A3F76CC0F15"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7","versionEndExcluding":"11.7.3","matchCriteriaId":"217D7CA5-49E9-4805-A2F6-32EC75F6EE91"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-55950.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://github.com/erlang/otp/commit/e44d2bf01c4473ef2ea7f09e3523cf96de6e4a04","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-hwfc-5hf4-gvr3","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-55950","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Third Party Advisory"]},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-55952","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-02T17:17:03.067","lastModified":"2026-07-07T14:44:47.327","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with a mismatched number of identities and binders is forwarded directly to tls_server_session_ticket:use/4, which crashes the session ticket handler process.\n\nAn unauthenticated remote attacker can send a single crafted ClientHello to a TLS 1.3 server with session tickets enabled (stateful or stateless mode) and permanently disrupt session ticket handling on that listener. New TLS 1.3 handshakes complete but subsequently crash when the server attempts to issue a session ticket, effectively making TLS 1.3 unusable on the affected listener until the ssl application is restarted. TLS 1.2 connections are not affected.\n\nThis issue affects OTP from 22.2 before 29.0.3, 28.5.0.3 and 27.3.4.14 corresponding to ssl from 9.5 before 11.7.3, 11.6.0.3 and 11.2.12.10."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","packageName":"ssl","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["tls_handshake_1_3"],"programFiles":["src/tls_handshake_1_3.erl"],"programRoutines":[{"name":"tls_handshake_1_3:handle_pre_shared_key/3"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:otp/ssl?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git","versions":[{"version":"9.5","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"11.7.3","status":"unaffected"},{"at":"11.6.0.3","status":"unaffected"},{"at":"11.2.12.10","status":"unaffected"}]}]},{"vendor":"Erlang","product":"OTP","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"erlang/otp","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"modules":["tls_handshake_1_3"],"programFiles":["lib/ssl/src/tls_handshake_1_3.erl"],"programRoutines":[{"name":"tls_handshake_1_3:handle_pre_shared_key/3"}],"repo":"https://github.com/erlang/otp","packageURL":"pkg:github/erlang/otp","versions":[{"version":"22.2","lessThan":"*","versionType":"otp","status":"affected","changes":[{"at":"29.0.3","status":"unaffected"},{"at":"28.5.0.3","status":"unaffected"},{"at":"27.3.4.14","status":"unaffected"}]},{"version":"339a279f02ce38a7b23010e56000613e19abb21f","lessThan":"*","versionType":"git","status":"affected","changes":[{"at":"e77823e6d980b2ec0b4fe4ea3f2d098ca239e3ce","status":"unaffected"},{"at":"2c3e599797644310e5d4aa39c7193420e59dadff","status":"unaffected"},{"at":"9b5437c72fa3403a75c1aba28e5c532bc191c662","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T17:28:09.569991Z","id":"CVE-2026-55952","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"22.2","versionEndExcluding":"27.3.4.14","matchCriteriaId":"B6121E70-2794-46A4-A282-817CC75FA8CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"28.0","versionEndExcluding":"28.5.0.3","matchCriteriaId":"230E3EE3-6A18-4848-8E3D-DB0FAA8EDFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionStartIncluding":"29.0","versionEndExcluding":"29.0.3","matchCriteriaId":"5D2D0C24-E302-48BF-9550-CCC7ABA24BED"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"9.5","versionEndExcluding":"11.2.12.10","matchCriteriaId":"04922CED-B13F-4CA5-A700-D96B6C589324"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3","versionEndExcluding":"11.6.0.3","matchCriteriaId":"670E1622-32D4-45D0-A05E-9A3F76CC0F15"},{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/ssl:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7","versionEndExcluding":"11.7.3","matchCriteriaId":"217D7CA5-49E9-4805-A2F6-32EC75F6EE91"}]}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-55952.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/erlang/otp/commit/2c3e599797644310e5d4aa39c7193420e59dadff","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/commit/9b5437c72fa3403a75c1aba28e5c532bc191c662","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/commit/e77823e6d980b2ec0b4fe4ea3f2d098ca239e3ce","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Patch"]},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-8c57-44c9-pc59","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-55952","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Mitigation","Third Party Advisory"]},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2025-71385","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-02T20:17:00.420","lastModified":"2026-07-07T17:31:58.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document (into a text element) without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a URL such as /api/v2/ilove.svg?love=<script>...</script>; when a victim navigates to it the injected script executes in the victim browser in the origin of the Netdata instance (reflected cross-site scripting). These endpoints are registered with HTTP_ACL_NOCHECK and anonymous access and, because bearer-token protection is disabled by default, are reachable without authentication on a default Netdata agent. The issue was resolved by removing the ilove endpoint."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"netdata","product":"netdata","defaultStatus":"unaffected","repo":"https://github.com/netdata/netdata","versions":[{"version":"0","lessThan":"2.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:38:23.674546Z","id":"CVE-2025-71385","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netdata:netdata:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.1","matchCriteriaId":"E63D0660-D777-4826-AFCE-2E4C8EB209FD"}]}]}],"references":[{"url":"https://github.com/netdata/netdata/commit/f82554fe9b21b5ae51a8663a3f4ddce84cac16af","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/netdata/netdata/pull/19919","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/netdata/netdata/releases/tag/v2.3.1","source":"disclosure@vulncheck.com","tags":["Product","Release Notes"]},{"url":"https://www.vulncheck.com/advisories/netdata-reflected-cross-site-scripting-via-love-parameter-in-ilove-svg-endpoint","source":"disclosure@vulncheck.com","tags":["Patch","Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-58381","sourceIdentifier":"secalert@redhat.com","published":"2026-07-02T20:17:06.170","lastModified":"2026-07-07T18:16:39.803","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8/gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:05:03.761403Z","id":"CVE-2026-58381","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-58381","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496166","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/b22e147b","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/16207","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-58578","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-02T20:17:06.870","lastModified":"2026-07-07T18:16:39.903","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service (ReDoS) vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craft a malicious basePath value containing unescaped regex metacharacters such as catastrophic-backtracking patterns, which are injected into a dynamically constructed regular expression in the findSkillMd function and executed synchronously against archive entries, denying service to all concurrent users for tens of seconds per request."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"lobehub","product":"lobehub","defaultStatus":"affected","repo":"https://github.com/lobehub/lobehub","versions":[{"version":"0","lessThan":"2.2.10-canary.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:00:14.398675Z","id":"CVE-2026-58578","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://github.com/lobehub/lobehub/commit/349bbe326eb8635d6d9c6a96d12702681ae3a84a","source":"disclosure@vulncheck.com"},{"url":"https://github.com/lobehub/lobehub/issues/16494","source":"disclosure@vulncheck.com"},{"url":"https://github.com/lobehub/lobehub/pull/16548","source":"disclosure@vulncheck.com"},{"url":"https://github.com/lobehub/lobehub/releases/tag/v2.2.10-canary.15","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/lobechat-canary-15-regular-expression-denial-of-service-in-github-skill-import","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59093","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-02T20:17:07.410","lastModified":"2026-07-07T16:14:10.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers (POST /authz/users/{id}/assign and /authz/groups/{id}/assign) authorize only that the caller may assign roles to the target user or group, not the permissions contained in the assigned roles, unlike role creation which enforces that a user can only create roles with permissions less than or equal to its own. A user holding only the delegated assign_and_revoke_users or assign_and_revoke_groups permission can assign the built-in admin role, or any high-privilege custom role, to itself or others, escalating to full administrative control of the database."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"weaviate","product":"weaviate","defaultStatus":"unaffected","repo":"https://github.com/weaviate/weaviate","versions":[{"version":"0","lessThan":"1.38.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T12:26:29.214163Z","id":"CVE-2026-59093","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:weaviate:weaviate:*:*:*:*:*:*:*:*","versionEndExcluding":"1.38.0","matchCriteriaId":"90A39FDE-81A0-4CE7-A629-D4096DFCDAC4"}]}]}],"references":[{"url":"https://github.com/weaviate/weaviate/commit/2c75f6fb217631f7751c4b2a7d37a488cef13edb","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/weaviate/weaviate/pull/11493","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/weaviate/weaviate/releases/tag/v1.38.0","source":"disclosure@vulncheck.com","tags":["Product","Release Notes"]},{"url":"https://www.vulncheck.com/advisories/weaviate-privilege-escalation-via-unchecked-permissions-in-rbac-role-assignment","source":"disclosure@vulncheck.com","tags":["Patch","Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-59095","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-02T20:17:07.673","lastModified":"2026-07-07T18:16:40.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints, which use the global fetch without the project's ssrf-safe-fetch wrapper. Attackers can target internal addresses such as cloud instance metadata endpoints through these unprotected code paths to disclose internal service responses and cloud credentials."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"lobehub","product":"lobehub","defaultStatus":"unaffected","repo":"https://github.com/lobehub/lobehub","versions":[{"version":"0","lessThan":"2.2.10-canary.18","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:00:31.444200Z","id":"CVE-2026-59095","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/lobehub/lobehub/issues/16536","source":"disclosure@vulncheck.com"},{"url":"https://github.com/lobehub/lobehub/pull/16601","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/lobechat-canary-18-ssrf-via-importfromurl-and-fetchimagefromurl","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59101","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-02T20:17:08.507","lastModified":"2026-07-07T18:16:40.140","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST /api/v1/setup/test-downloader endpoint during the initial setup window, causing the server to issue HTTP GET requests to internal or reserved addresses and leak information through echoed connection-error messages."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"EstrellaXD","product":"Auto_Bangumi","defaultStatus":"unaffected","repo":"https://github.com/EstrellaXD/Auto_Bangumi","versions":[{"version":"0","lessThan":"3.2.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:00:55.390686Z","id":"CVE-2026-59101","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/EstrellaXD/Auto_Bangumi/commit/487bdfec545e805ae416e6ddf28651bd274d6a73","source":"disclosure@vulncheck.com"},{"url":"https://github.com/EstrellaXD/Auto_Bangumi/issues/1041","source":"disclosure@vulncheck.com"},{"url":"https://github.com/EstrellaXD/Auto_Bangumi/releases/tag/3.2.8","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/autobangumi-ssrf-via-api-v1-setup-test-downloader","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-26145","sourceIdentifier":"secure@microsoft.com","published":"2026-07-02T23:16:49.813","lastModified":"2026-07-07T14:27:00.440","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Azure Synapse","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-26145","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_synapse:-:*:*:*:*:*:*:*","matchCriteriaId":"A4AE1B8F-819C-41A4-AEFA-7A94CBDCCFF3"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26145","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41106","sourceIdentifier":"secure@microsoft.com","published":"2026-07-02T23:16:50.867","lastModified":"2026-07-07T14:24:12.110","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Copilot","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-41106","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_copilot:-:*:*:*:*:*:*:*","matchCriteriaId":"E4A390D9-7457-430A-82CC-A24DA275BF06"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41106","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45499","sourceIdentifier":"secure@microsoft.com","published":"2026-07-02T23:16:51.003","lastModified":"2026-07-07T14:04:54.607","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Azure Open AI","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-45499","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_openai:-:*:*:*:*:*:*:*","matchCriteriaId":"D1EE6399-239E-479B-A473-B37ECEB110E7"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45499","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-13371","sourceIdentifier":"5d1c2695-1a31-4499-88ae-e847036fd7e3","published":"2026-07-03T00:16:51.013","lastModified":"2026-07-07T18:16:34.670","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deserialization of the attacker-supplied input."}],"affected":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","affectedData":[{"vendor":"WatchGuard","product":"Fireware OS","defaultStatus":"unaffected","versions":[{"version":"12.0","lessThanOrEqual":"12.12","versionType":"semver","status":"affected"},{"version":"12.5","lessThanOrEqual":"12.5.18","versionType":"semver","status":"affected"},{"version":"2025.1","lessThanOrEqual":"2026.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:04:59.649744Z","id":"CVE-2026-13371","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00014","source":"5d1c2695-1a31-4499-88ae-e847036fd7e3"}]}},{"cve":{"id":"CVE-2026-12731","sourceIdentifier":"security@wordfence.com","published":"2026-07-03T02:16:23.100","lastModified":"2026-07-07T18:16:34.263","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wedevs","product":"weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:04:51.375610Z","id":"CVE-2026-12731","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wedocs/tags/2.3.0/assets/build/blocks/Sidebar/render.php#L154","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wedocs/tags/2.3.0/assets/build/blocks/Sidebar/render.php#L540","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wedocs/tags/2.3.0/assets/build/blocks/Sidebar/render.php#L634","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3589430%40wedocs&new=3589430%40wedocs&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cda6d5d5-b49a-40f4-9c83-c1c569891339?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13040","sourceIdentifier":"security@wordfence.com","published":"2026-07-03T06:16:21.590","lastModified":"2026-07-07T18:16:34.557","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'real_val__' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The submission endpoint is registered via wp_ajax_nopriv_submit_nex_form with no nonce verification, making it fully accessible to unauthenticated attackers without any CSRF token."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"webaways","product":"NEX-Forms – Ultimate Forms Plugin for WordPress","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"9.2.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:12:14.986613Z","id":"CVE-2026-13040","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.1.11/includes/classes/class.functions.php#L2461","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.1.11/main.php#L2660","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.1.11/main.php#L467","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.1.11/main.php#L4870","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.1.11/main.php#L4896","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.1.11/main.php#L5323","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.2.2/includes/classes/class.functions.php#L2461","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.2.2/main.php#L2660","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.2.2/main.php#L467","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.2.2/main.php#L4870","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.2.2/main.php#L4896","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.2.2/main.php#L5323","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3584399%40nex-forms-express-wp-form-builder&new=3584399%40nex-forms-express-wp-form-builder&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49dc267a-48cf-487f-bedc-fd892666e9a0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9725","sourceIdentifier":"security@wordfence.com","published":"2026-07-03T06:16:23.263","lastModified":"2026-07-07T18:16:40.690","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the store_design_data() function, which constructs a filesystem path from the user-supplied 'nbd_item_key' POST parameter sanitized only with sanitize_text_field() — which does not strip path traversal sequences — and then passes that path directly to Nbdesigner_IO::delete_folder() and PHP's rename(). The nonce protecting the nbd_save_customer_design AJAX action is freely obtainable by unauthenticated users via the nbd_check_use_logged_in endpoint. This makes it possible for unauthenticated attackers to delete arbitrary files on the affected site's server which may make remote code execution possible."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"printcart","product":"Printcart Web to Print Product Designer for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.5.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:12:12.885497Z","id":"CVE-2026-9725","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/printcart-integration/tags/2.4.8/includes/class.nbdesigner.php#L214","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printcart-integration/tags/2.4.8/includes/class.nbdesigner.php#L3246","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printcart-integration/tags/2.4.8/includes/class.nbdesigner.php#L3698","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3593521/printcart-integration/trunk/includes/class.nbdesigner.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fprintcart-integration/tags/2.5.2&new_path=%2Fprintcart-integration/tags/2.5.3","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5bb962bd-9b23-4820-885e-d8095250c3c7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-10536","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:23.563","lastModified":"2026-07-07T18:02:03.890","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free vulnerability exists in libcurl when an application\nconfigures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or\n`CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and\nfinally terminates the handle with `curl_easy_cleanup()`. During this final\ncleanup phase, libcurl attempts to access and modify an internal structure\nthat was already freed during the reset operation."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"},{"version":"8.16.0","lessThanOrEqual":"8.16.0","versionType":"semver","status":"affected"},{"version":"8.15.0","lessThanOrEqual":"8.15.0","versionType":"semver","status":"affected"},{"version":"8.14.1","lessThanOrEqual":"8.14.1","versionType":"semver","status":"affected"},{"version":"8.14.0","lessThanOrEqual":"8.14.0","versionType":"semver","status":"affected"},{"version":"8.13.0","lessThanOrEqual":"8.13.0","versionType":"semver","status":"affected"},{"version":"8.12.1","lessThanOrEqual":"8.12.1","versionType":"semver","status":"affected"},{"version":"8.12.0","lessThanOrEqual":"8.12.0","versionType":"semver","status":"affected"},{"version":"8.11.1","lessThanOrEqual":"8.11.1","versionType":"semver","status":"affected"},{"version":"8.11.0","lessThanOrEqual":"8.11.0","versionType":"semver","status":"affected"},{"version":"8.10.1","lessThanOrEqual":"8.10.1","versionType":"semver","status":"affected"},{"version":"8.10.0","lessThanOrEqual":"8.10.0","versionType":"semver","status":"affected"},{"version":"8.9.1","lessThanOrEqual":"8.9.1","versionType":"semver","status":"affected"},{"version":"8.9.0","lessThanOrEqual":"8.9.0","versionType":"semver","status":"affected"},{"version":"8.8.0","lessThanOrEqual":"8.8.0","versionType":"semver","status":"affected"},{"version":"8.7.1","lessThanOrEqual":"8.7.1","versionType":"semver","status":"affected"},{"version":"8.7.0","lessThanOrEqual":"8.7.0","versionType":"semver","status":"affected"},{"version":"8.6.0","lessThanOrEqual":"8.6.0","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThanOrEqual":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.4.0","lessThanOrEqual":"8.4.0","versionType":"semver","status":"affected"},{"version":"8.3.0","lessThanOrEqual":"8.3.0","versionType":"semver","status":"affected"},{"version":"8.2.1","lessThanOrEqual":"8.2.1","versionType":"semver","status":"affected"},{"version":"8.2.0","lessThanOrEqual":"8.2.0","versionType":"semver","status":"affected"},{"version":"8.1.2","lessThanOrEqual":"8.1.2","versionType":"semver","status":"affected"},{"version":"8.1.1","lessThanOrEqual":"8.1.1","versionType":"semver","status":"affected"},{"version":"8.1.0","lessThanOrEqual":"8.1.0","versionType":"semver","status":"affected"},{"version":"8.0.1","lessThanOrEqual":"8.0.1","versionType":"semver","status":"affected"},{"version":"8.0.0","lessThanOrEqual":"8.0.0","versionType":"semver","status":"affected"},{"version":"7.88.1","lessThanOrEqual":"7.88.1","versionType":"semver","status":"affected"},{"version":"7.88.0","lessThanOrEqual":"7.88.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:28:36.822614Z","id":"CVE-2026-10536","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.88.0","versionEndExcluding":"8.21.0","matchCriteriaId":"1088DD7B-0C10-4992-83C7-66931BB8F297"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-10536.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-10536.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3751697","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3751697","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-11352","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:23.693","lastModified":"2026-07-07T18:01:19.013","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server\nto trigger a remote denial of service against a curl or libcurl client.\nBecause the helper function discards zero-length UDP datagrams before counting\nthem toward the per-call packet budget, a connected QUIC peer can continuously\nstream empty datagrams to indefinitely stall the client."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:26:03.249042Z","id":"CVE-2026-11352","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"8.18.0","versionEndExcluding":"8.21.0","matchCriteriaId":"6EF934FA-9E74-432D-A41E-157D65C6B539"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-11352.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-11352.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3783438","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3783438","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-11564","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:23.790","lastModified":"2026-07-07T18:00:35.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse if one of them matches the setup.\n\nAn easy handle that first uses default native CA trust can continue trusting\nthe native platform store after the application switches that same handle to\ncustom CA material for a later transfer."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T17:09:36.356822Z","id":"CVE-2026-11564","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"8.17.0","versionEndExcluding":"8.21.0","matchCriteriaId":"B5728866-C386-4BA5-835D-792BAE02DE29"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-11564.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-11564.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3788984","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3788984","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-11586","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:23.883","lastModified":"2026-07-07T17:59:46.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"By default, curl automatically responds to WebSocket PING frames. Because curl\nlacks an upper bound on memory allocation for unacknowledged frames, a\nmalicious server can exhaust all available memory by flooding curl with rapid,\nsequential PING messages."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"},{"version":"8.16.0","lessThanOrEqual":"8.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:16:22.568075Z","id":"CVE-2026-11586","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"8.16.0","versionEndExcluding":"8.21.0","matchCriteriaId":"0A8E28F3-30D3-4A58-9845-680E41079A9C"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-11586.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-11586.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3788931","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-11856","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:23.973","lastModified":"2026-07-07T19:43:55.600","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Successfully using libcurl to do a transfer to a specific HTTP origin\n(`hostA`) with **Digest** authentication and then changing the origin to a\ndifferent one (`hostB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the  `Authorization:` header field meant for `hostA`,\nto `hostB`."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"},{"version":"8.16.0","lessThanOrEqual":"8.16.0","versionType":"semver","status":"affected"},{"version":"8.15.0","lessThanOrEqual":"8.15.0","versionType":"semver","status":"affected"},{"version":"8.14.1","lessThanOrEqual":"8.14.1","versionType":"semver","status":"affected"},{"version":"8.14.0","lessThanOrEqual":"8.14.0","versionType":"semver","status":"affected"},{"version":"8.13.0","lessThanOrEqual":"8.13.0","versionType":"semver","status":"affected"},{"version":"8.12.1","lessThanOrEqual":"8.12.1","versionType":"semver","status":"affected"},{"version":"8.12.0","lessThanOrEqual":"8.12.0","versionType":"semver","status":"affected"},{"version":"8.11.1","lessThanOrEqual":"8.11.1","versionType":"semver","status":"affected"},{"version":"8.11.0","lessThanOrEqual":"8.11.0","versionType":"semver","status":"affected"},{"version":"8.10.1","lessThanOrEqual":"8.10.1","versionType":"semver","status":"affected"},{"version":"8.10.0","lessThanOrEqual":"8.10.0","versionType":"semver","status":"affected"},{"version":"8.9.1","lessThanOrEqual":"8.9.1","versionType":"semver","status":"affected"},{"version":"8.9.0","lessThanOrEqual":"8.9.0","versionType":"semver","status":"affected"},{"version":"8.8.0","lessThanOrEqual":"8.8.0","versionType":"semver","status":"affected"},{"version":"8.7.1","lessThanOrEqual":"8.7.1","versionType":"semver","status":"affected"},{"version":"8.7.0","lessThanOrEqual":"8.7.0","versionType":"semver","status":"affected"},{"version":"8.6.0","lessThanOrEqual":"8.6.0","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThanOrEqual":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.4.0","lessThanOrEqual":"8.4.0","versionType":"semver","status":"affected"},{"version":"8.3.0","lessThanOrEqual":"8.3.0","versionType":"semver","status":"affected"},{"version":"8.2.1","lessThanOrEqual":"8.2.1","versionType":"semver","status":"affected"},{"version":"8.2.0","lessThanOrEqual":"8.2.0","versionType":"semver","status":"affected"},{"version":"8.1.2","lessThanOrEqual":"8.1.2","versionType":"semver","status":"affected"},{"version":"8.1.1","lessThanOrEqual":"8.1.1","versionType":"semver","status":"affected"},{"version":"8.1.0","lessThanOrEqual":"8.1.0","versionType":"semver","status":"affected"},{"version":"8.0.1","lessThanOrEqual":"8.0.1","versionType":"semver","status":"affected"},{"version":"8.0.0","lessThanOrEqual":"8.0.0","versionType":"semver","status":"affected"},{"version":"7.88.1","lessThanOrEqual":"7.88.1","versionType":"semver","status":"affected"},{"version":"7.88.0","lessThanOrEqual":"7.88.0","versionType":"semver","status":"affected"},{"version":"7.87.0","lessThanOrEqual":"7.87.0","versionType":"semver","status":"affected"},{"version":"7.86.0","lessThanOrEqual":"7.86.0","versionType":"semver","status":"affected"},{"version":"7.85.0","lessThanOrEqual":"7.85.0","versionType":"semver","status":"affected"},{"version":"7.84.0","lessThanOrEqual":"7.84.0","versionType":"semver","status":"affected"},{"version":"7.83.1","lessThanOrEqual":"7.83.1","versionType":"semver","status":"affected"},{"version":"7.83.0","lessThanOrEqual":"7.83.0","versionType":"semver","status":"affected"},{"version":"7.82.0","lessThanOrEqual":"7.82.0","versionType":"semver","status":"affected"},{"version":"7.81.0","lessThanOrEqual":"7.81.0","versionType":"semver","status":"affected"},{"version":"7.80.0","lessThanOrEqual":"7.80.0","versionType":"semver","status":"affected"},{"version":"7.79.1","lessThanOrEqual":"7.79.1","versionType":"semver","status":"affected"},{"version":"7.79.0","lessThanOrEqual":"7.79.0","versionType":"semver","status":"affected"},{"version":"7.78.0","lessThanOrEqual":"7.78.0","versionType":"semver","status":"affected"},{"version":"7.77.0","lessThanOrEqual":"7.77.0","versionType":"semver","status":"affected"},{"version":"7.76.1","lessThanOrEqual":"7.76.1","versionType":"semver","status":"affected"},{"version":"7.76.0","lessThanOrEqual":"7.76.0","versionType":"semver","status":"affected"},{"version":"7.75.0","lessThanOrEqual":"7.75.0","versionType":"semver","status":"affected"},{"version":"7.74.0","lessThanOrEqual":"7.74.0","versionType":"semver","status":"affected"},{"version":"7.73.0","lessThanOrEqual":"7.73.0","versionType":"semver","status":"affected"},{"version":"7.72.0","lessThanOrEqual":"7.72.0","versionType":"semver","status":"affected"},{"version":"7.71.1","lessThanOrEqual":"7.71.1","versionType":"semver","status":"affected"},{"version":"7.71.0","lessThanOrEqual":"7.71.0","versionType":"semver","status":"affected"},{"version":"7.70.0","lessThanOrEqual":"7.70.0","versionType":"semver","status":"affected"},{"version":"7.69.1","lessThanOrEqual":"7.69.1","versionType":"semver","status":"affected"},{"version":"7.69.0","lessThanOrEqual":"7.69.0","versionType":"semver","status":"affected"},{"version":"7.68.0","lessThanOrEqual":"7.68.0","versionType":"semver","status":"affected"},{"version":"7.67.0","lessThanOrEqual":"7.67.0","versionType":"semver","status":"affected"},{"version":"7.66.0","lessThanOrEqual":"7.66.0","versionType":"semver","status":"affected"},{"version":"7.65.3","lessThanOrEqual":"7.65.3","versionType":"semver","status":"affected"},{"version":"7.65.2","lessThanOrEqual":"7.65.2","versionType":"semver","status":"affected"},{"version":"7.65.1","lessThanOrEqual":"7.65.1","versionType":"semver","status":"affected"},{"version":"7.65.0","lessThanOrEqual":"7.65.0","versionType":"semver","status":"affected"},{"version":"7.64.1","lessThanOrEqual":"7.64.1","versionType":"semver","status":"affected"},{"version":"7.64.0","lessThanOrEqual":"7.64.0","versionType":"semver","status":"affected"},{"version":"7.63.0","lessThanOrEqual":"7.63.0","versionType":"semver","status":"affected"},{"version":"7.62.0","lessThanOrEqual":"7.62.0","versionType":"semver","status":"affected"},{"version":"7.61.1","lessThanOrEqual":"7.61.1","versionType":"semver","status":"affected"},{"version":"7.61.0","lessThanOrEqual":"7.61.0","versionType":"semver","status":"affected"},{"version":"7.60.0","lessThanOrEqual":"7.60.0","versionType":"semver","status":"affected"},{"version":"7.59.0","lessThanOrEqual":"7.59.0","versionType":"semver","status":"affected"},{"version":"7.58.0","lessThanOrEqual":"7.58.0","versionType":"semver","status":"affected"},{"version":"7.57.0","lessThanOrEqual":"7.57.0","versionType":"semver","status":"affected"},{"version":"7.56.1","lessThanOrEqual":"7.56.1","versionType":"semver","status":"affected"},{"version":"7.56.0","lessThanOrEqual":"7.56.0","versionType":"semver","status":"affected"},{"version":"7.55.1","lessThanOrEqual":"7.55.1","versionType":"semver","status":"affected"},{"version":"7.55.0","lessThanOrEqual":"7.55.0","versionType":"semver","status":"affected"},{"version":"7.54.1","lessThanOrEqual":"7.54.1","versionType":"semver","status":"affected"},{"version":"7.54.0","lessThanOrEqual":"7.54.0","versionType":"semver","status":"affected"},{"version":"7.53.1","lessThanOrEqual":"7.53.1","versionType":"semver","status":"affected"},{"version":"7.53.0","lessThanOrEqual":"7.53.0","versionType":"semver","status":"affected"},{"version":"7.52.1","lessThanOrEqual":"7.52.1","versionType":"semver","status":"affected"},{"version":"7.52.0","lessThanOrEqual":"7.52.0","versionType":"semver","status":"affected"},{"version":"7.51.0","lessThanOrEqual":"7.51.0","versionType":"semver","status":"affected"},{"version":"7.50.3","lessThanOrEqual":"7.50.3","versionType":"semver","status":"affected"},{"version":"7.50.2","lessThanOrEqual":"7.50.2","versionType":"semver","status":"affected"},{"version":"7.50.1","lessThanOrEqual":"7.50.1","versionType":"semver","status":"affected"},{"version":"7.50.0","lessThanOrEqual":"7.50.0","versionType":"semver","status":"affected"},{"version":"7.49.1","lessThanOrEqual":"7.49.1","versionType":"semver","status":"affected"},{"version":"7.49.0","lessThanOrEqual":"7.49.0","versionType":"semver","status":"affected"},{"version":"7.48.0","lessThanOrEqual":"7.48.0","versionType":"semver","status":"affected"},{"version":"7.47.1","lessThanOrEqual":"7.47.1","versionType":"semver","status":"affected"},{"version":"7.47.0","lessThanOrEqual":"7.47.0","versionType":"semver","status":"affected"},{"version":"7.46.0","lessThanOrEqual":"7.46.0","versionType":"semver","status":"affected"},{"version":"7.45.0","lessThanOrEqual":"7.45.0","versionType":"semver","status":"affected"},{"version":"7.44.0","lessThanOrEqual":"7.44.0","versionType":"semver","status":"affected"},{"version":"7.43.0","lessThanOrEqual":"7.43.0","versionType":"semver","status":"affected"},{"version":"7.42.1","lessThanOrEqual":"7.42.1","versionType":"semver","status":"affected"},{"version":"7.42.0","lessThanOrEqual":"7.42.0","versionType":"semver","status":"affected"},{"version":"7.41.0","lessThanOrEqual":"7.41.0","versionType":"semver","status":"affected"},{"version":"7.40.0","lessThanOrEqual":"7.40.0","versionType":"semver","status":"affected"},{"version":"7.39.0","lessThanOrEqual":"7.39.0","versionType":"semver","status":"affected"},{"version":"7.38.0","lessThanOrEqual":"7.38.0","versionType":"semver","status":"affected"},{"version":"7.37.1","lessThanOrEqual":"7.37.1","versionType":"semver","status":"affected"},{"version":"7.37.0","lessThanOrEqual":"7.37.0","versionType":"semver","status":"affected"},{"version":"7.36.0","lessThanOrEqual":"7.36.0","versionType":"semver","status":"affected"},{"version":"7.35.0","lessThanOrEqual":"7.35.0","versionType":"semver","status":"affected"},{"version":"7.34.0","lessThanOrEqual":"7.34.0","versionType":"semver","status":"affected"},{"version":"7.33.0","lessThanOrEqual":"7.33.0","versionType":"semver","status":"affected"},{"version":"7.32.0","lessThanOrEqual":"7.32.0","versionType":"semver","status":"affected"},{"version":"7.31.0","lessThanOrEqual":"7.31.0","versionType":"semver","status":"affected"},{"version":"7.30.0","lessThanOrEqual":"7.30.0","versionType":"semver","status":"affected"},{"version":"7.29.0","lessThanOrEqual":"7.29.0","versionType":"semver","status":"affected"},{"version":"7.28.1","lessThanOrEqual":"7.28.1","versionType":"semver","status":"affected"},{"version":"7.28.0","lessThanOrEqual":"7.28.0","versionType":"semver","status":"affected"},{"version":"7.27.0","lessThanOrEqual":"7.27.0","versionType":"semver","status":"affected"},{"version":"7.26.0","lessThanOrEqual":"7.26.0","versionType":"semver","status":"affected"},{"version":"7.25.0","lessThanOrEqual":"7.25.0","versionType":"semver","status":"affected"},{"version":"7.24.0","lessThanOrEqual":"7.24.0","versionType":"semver","status":"affected"},{"version":"7.23.1","lessThanOrEqual":"7.23.1","versionType":"semver","status":"affected"},{"version":"7.23.0","lessThanOrEqual":"7.23.0","versionType":"semver","status":"affected"},{"version":"7.22.0","lessThanOrEqual":"7.22.0","versionType":"semver","status":"affected"},{"version":"7.21.7","lessThanOrEqual":"7.21.7","versionType":"semver","status":"affected"},{"version":"7.21.6","lessThanOrEqual":"7.21.6","versionType":"semver","status":"affected"},{"version":"7.21.5","lessThanOrEqual":"7.21.5","versionType":"semver","status":"affected"},{"version":"7.21.4","lessThanOrEqual":"7.21.4","versionType":"semver","status":"affected"},{"version":"7.21.3","lessThanOrEqual":"7.21.3","versionType":"semver","status":"affected"},{"version":"7.21.2","lessThanOrEqual":"7.21.2","versionType":"semver","status":"affected"},{"version":"7.21.1","lessThanOrEqual":"7.21.1","versionType":"semver","status":"affected"},{"version":"7.21.0","lessThanOrEqual":"7.21.0","versionType":"semver","status":"affected"},{"version":"7.20.1","lessThanOrEqual":"7.20.1","versionType":"semver","status":"affected"},{"version":"7.20.0","lessThanOrEqual":"7.20.0","versionType":"semver","status":"affected"},{"version":"7.19.7","lessThanOrEqual":"7.19.7","versionType":"semver","status":"affected"},{"version":"7.19.6","lessThanOrEqual":"7.19.6","versionType":"semver","status":"affected"},{"version":"7.19.5","lessThanOrEqual":"7.19.5","versionType":"semver","status":"affected"},{"version":"7.19.4","lessThanOrEqual":"7.19.4","versionType":"semver","status":"affected"},{"version":"7.19.3","lessThanOrEqual":"7.19.3","versionType":"semver","status":"affected"},{"version":"7.19.2","lessThanOrEqual":"7.19.2","versionType":"semver","status":"affected"},{"version":"7.19.1","lessThanOrEqual":"7.19.1","versionType":"semver","status":"affected"},{"version":"7.19.0","lessThanOrEqual":"7.19.0","versionType":"semver","status":"affected"},{"version":"7.18.2","lessThanOrEqual":"7.18.2","versionType":"semver","status":"affected"},{"version":"7.18.1","lessThanOrEqual":"7.18.1","versionType":"semver","status":"affected"},{"version":"7.18.0","lessThanOrEqual":"7.18.0","versionType":"semver","status":"affected"},{"version":"7.17.1","lessThanOrEqual":"7.17.1","versionType":"semver","status":"affected"},{"version":"7.17.0","lessThanOrEqual":"7.17.0","versionType":"semver","status":"affected"},{"version":"7.16.4","lessThanOrEqual":"7.16.4","versionType":"semver","status":"affected"},{"version":"7.16.3","lessThanOrEqual":"7.16.3","versionType":"semver","status":"affected"},{"version":"7.16.2","lessThanOrEqual":"7.16.2","versionType":"semver","status":"affected"},{"version":"7.16.1","lessThanOrEqual":"7.16.1","versionType":"semver","status":"affected"},{"version":"7.16.0","lessThanOrEqual":"7.16.0","versionType":"semver","status":"affected"},{"version":"7.15.5","lessThanOrEqual":"7.15.5","versionType":"semver","status":"affected"},{"version":"7.15.4","lessThanOrEqual":"7.15.4","versionType":"semver","status":"affected"},{"version":"7.15.3","lessThanOrEqual":"7.15.3","versionType":"semver","status":"affected"},{"version":"7.15.2","lessThanOrEqual":"7.15.2","versionType":"semver","status":"affected"},{"version":"7.15.1","lessThanOrEqual":"7.15.1","versionType":"semver","status":"affected"},{"version":"7.15.0","lessThanOrEqual":"7.15.0","versionType":"semver","status":"affected"},{"version":"7.14.1","lessThanOrEqual":"7.14.1","versionType":"semver","status":"affected"},{"version":"7.14.0","lessThanOrEqual":"7.14.0","versionType":"semver","status":"affected"},{"version":"7.13.2","lessThanOrEqual":"7.13.2","versionType":"semver","status":"affected"},{"version":"7.13.1","lessThanOrEqual":"7.13.1","versionType":"semver","status":"affected"},{"version":"7.13.0","lessThanOrEqual":"7.13.0","versionType":"semver","status":"affected"},{"version":"7.12.3","lessThanOrEqual":"7.12.3","versionType":"semver","status":"affected"},{"version":"7.12.2","lessThanOrEqual":"7.12.2","versionType":"semver","status":"affected"},{"version":"7.12.1","lessThanOrEqual":"7.12.1","versionType":"semver","status":"affected"},{"version":"7.12.0","lessThanOrEqual":"7.12.0","versionType":"semver","status":"affected"},{"version":"7.11.2","lessThanOrEqual":"7.11.2","versionType":"semver","status":"affected"},{"version":"7.11.1","lessThanOrEqual":"7.11.1","versionType":"semver","status":"affected"},{"version":"7.11.0","lessThanOrEqual":"7.11.0","versionType":"semver","status":"affected"},{"version":"7.10.8","lessThanOrEqual":"7.10.8","versionType":"semver","status":"affected"},{"version":"7.10.7","lessThanOrEqual":"7.10.7","versionType":"semver","status":"affected"},{"version":"7.10.6","lessThanOrEqual":"7.10.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:22:46.260282Z","id":"CVE-2026-11856","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-294"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.10.6","versionEndExcluding":"8.21.0","matchCriteriaId":"9E12CA71-3AD8-44FB-9A48-E1CD9551EDE8"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-11856.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-11856.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3793260","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3793260","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-12064","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:24.217","lastModified":"2026-07-07T19:43:11.187","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When a user invokes curl using a schemeless URL combined with\n`--proto-default` sftp (or scp), a disconnect occurs between the tool layer\nand libcurl. The tool layer incorrectly infers the URL scheme, which\nerroneously bypasses the initialization of critical SSH security options like\nCURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS. Conversely, the\nlibcurl runtime successfully honors CURLOPT_DEFAULT_PROTOCOL and establishes\nthe connection via SFTP/SCP as specified. Because the tool layer skipped the\nsecurity configuration, these SSH host verification options are silently\nomitted, causing curl to connect to an unverified SSH remote host without\nthrowing an error."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"},{"version":"8.16.0","lessThanOrEqual":"8.16.0","versionType":"semver","status":"affected"},{"version":"8.15.0","lessThanOrEqual":"8.15.0","versionType":"semver","status":"affected"},{"version":"8.14.1","lessThanOrEqual":"8.14.1","versionType":"semver","status":"affected"},{"version":"8.14.0","lessThanOrEqual":"8.14.0","versionType":"semver","status":"affected"},{"version":"8.13.0","lessThanOrEqual":"8.13.0","versionType":"semver","status":"affected"},{"version":"8.12.1","lessThanOrEqual":"8.12.1","versionType":"semver","status":"affected"},{"version":"8.12.0","lessThanOrEqual":"8.12.0","versionType":"semver","status":"affected"},{"version":"8.11.1","lessThanOrEqual":"8.11.1","versionType":"semver","status":"affected"},{"version":"8.11.0","lessThanOrEqual":"8.11.0","versionType":"semver","status":"affected"},{"version":"8.10.1","lessThanOrEqual":"8.10.1","versionType":"semver","status":"affected"},{"version":"8.10.0","lessThanOrEqual":"8.10.0","versionType":"semver","status":"affected"},{"version":"8.9.1","lessThanOrEqual":"8.9.1","versionType":"semver","status":"affected"},{"version":"8.9.0","lessThanOrEqual":"8.9.0","versionType":"semver","status":"affected"},{"version":"8.8.0","lessThanOrEqual":"8.8.0","versionType":"semver","status":"affected"},{"version":"8.7.1","lessThanOrEqual":"8.7.1","versionType":"semver","status":"affected"},{"version":"8.7.0","lessThanOrEqual":"8.7.0","versionType":"semver","status":"affected"},{"version":"8.6.0","lessThanOrEqual":"8.6.0","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThanOrEqual":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.4.0","lessThanOrEqual":"8.4.0","versionType":"semver","status":"affected"},{"version":"8.3.0","lessThanOrEqual":"8.3.0","versionType":"semver","status":"affected"},{"version":"8.2.1","lessThanOrEqual":"8.2.1","versionType":"semver","status":"affected"},{"version":"8.2.0","lessThanOrEqual":"8.2.0","versionType":"semver","status":"affected"},{"version":"8.1.2","lessThanOrEqual":"8.1.2","versionType":"semver","status":"affected"},{"version":"8.1.1","lessThanOrEqual":"8.1.1","versionType":"semver","status":"affected"},{"version":"8.1.0","lessThanOrEqual":"8.1.0","versionType":"semver","status":"affected"},{"version":"8.0.1","lessThanOrEqual":"8.0.1","versionType":"semver","status":"affected"},{"version":"8.0.0","lessThanOrEqual":"8.0.0","versionType":"semver","status":"affected"},{"version":"7.88.1","lessThanOrEqual":"7.88.1","versionType":"semver","status":"affected"},{"version":"7.88.0","lessThanOrEqual":"7.88.0","versionType":"semver","status":"affected"},{"version":"7.87.0","lessThanOrEqual":"7.87.0","versionType":"semver","status":"affected"},{"version":"7.86.0","lessThanOrEqual":"7.86.0","versionType":"semver","status":"affected"},{"version":"7.85.0","lessThanOrEqual":"7.85.0","versionType":"semver","status":"affected"},{"version":"7.84.0","lessThanOrEqual":"7.84.0","versionType":"semver","status":"affected"},{"version":"7.83.1","lessThanOrEqual":"7.83.1","versionType":"semver","status":"affected"},{"version":"7.83.0","lessThanOrEqual":"7.83.0","versionType":"semver","status":"affected"},{"version":"7.82.0","lessThanOrEqual":"7.82.0","versionType":"semver","status":"affected"},{"version":"7.81.0","lessThanOrEqual":"7.81.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:19:34.951461Z","id":"CVE-2026-12064","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.81.0","versionEndExcluding":"8.21.0","matchCriteriaId":"53E9B785-AB1F-48AC-B737-EEB59C80E5BF"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-12064.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-12064.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3797526","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3797526","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-8286","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:24.453","lastModified":"2026-07-07T19:42:11.240","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability exists where a new transfer that uses STARTTLS to upgrade the\nconnection might reuse an existing live connection even though the TLS\nconfiguration mismatches so it should not."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"},{"version":"8.16.0","lessThanOrEqual":"8.16.0","versionType":"semver","status":"affected"},{"version":"8.15.0","lessThanOrEqual":"8.15.0","versionType":"semver","status":"affected"},{"version":"8.14.1","lessThanOrEqual":"8.14.1","versionType":"semver","status":"affected"},{"version":"8.14.0","lessThanOrEqual":"8.14.0","versionType":"semver","status":"affected"},{"version":"8.13.0","lessThanOrEqual":"8.13.0","versionType":"semver","status":"affected"},{"version":"8.12.1","lessThanOrEqual":"8.12.1","versionType":"semver","status":"affected"},{"version":"8.12.0","lessThanOrEqual":"8.12.0","versionType":"semver","status":"affected"},{"version":"8.11.1","lessThanOrEqual":"8.11.1","versionType":"semver","status":"affected"},{"version":"8.11.0","lessThanOrEqual":"8.11.0","versionType":"semver","status":"affected"},{"version":"8.10.1","lessThanOrEqual":"8.10.1","versionType":"semver","status":"affected"},{"version":"8.10.0","lessThanOrEqual":"8.10.0","versionType":"semver","status":"affected"},{"version":"8.9.1","lessThanOrEqual":"8.9.1","versionType":"semver","status":"affected"},{"version":"8.9.0","lessThanOrEqual":"8.9.0","versionType":"semver","status":"affected"},{"version":"8.8.0","lessThanOrEqual":"8.8.0","versionType":"semver","status":"affected"},{"version":"8.7.1","lessThanOrEqual":"8.7.1","versionType":"semver","status":"affected"},{"version":"8.7.0","lessThanOrEqual":"8.7.0","versionType":"semver","status":"affected"},{"version":"8.6.0","lessThanOrEqual":"8.6.0","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThanOrEqual":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.4.0","lessThanOrEqual":"8.4.0","versionType":"semver","status":"affected"},{"version":"8.3.0","lessThanOrEqual":"8.3.0","versionType":"semver","status":"affected"},{"version":"8.2.1","lessThanOrEqual":"8.2.1","versionType":"semver","status":"affected"},{"version":"8.2.0","lessThanOrEqual":"8.2.0","versionType":"semver","status":"affected"},{"version":"8.1.2","lessThanOrEqual":"8.1.2","versionType":"semver","status":"affected"},{"version":"8.1.1","lessThanOrEqual":"8.1.1","versionType":"semver","status":"affected"},{"version":"8.1.0","lessThanOrEqual":"8.1.0","versionType":"semver","status":"affected"},{"version":"8.0.1","lessThanOrEqual":"8.0.1","versionType":"semver","status":"affected"},{"version":"8.0.0","lessThanOrEqual":"8.0.0","versionType":"semver","status":"affected"},{"version":"7.88.1","lessThanOrEqual":"7.88.1","versionType":"semver","status":"affected"},{"version":"7.88.0","lessThanOrEqual":"7.88.0","versionType":"semver","status":"affected"},{"version":"7.87.0","lessThanOrEqual":"7.87.0","versionType":"semver","status":"affected"},{"version":"7.86.0","lessThanOrEqual":"7.86.0","versionType":"semver","status":"affected"},{"version":"7.85.0","lessThanOrEqual":"7.85.0","versionType":"semver","status":"affected"},{"version":"7.84.0","lessThanOrEqual":"7.84.0","versionType":"semver","status":"affected"},{"version":"7.83.1","lessThanOrEqual":"7.83.1","versionType":"semver","status":"affected"},{"version":"7.83.0","lessThanOrEqual":"7.83.0","versionType":"semver","status":"affected"},{"version":"7.82.0","lessThanOrEqual":"7.82.0","versionType":"semver","status":"affected"},{"version":"7.81.0","lessThanOrEqual":"7.81.0","versionType":"semver","status":"affected"},{"version":"7.80.0","lessThanOrEqual":"7.80.0","versionType":"semver","status":"affected"},{"version":"7.79.1","lessThanOrEqual":"7.79.1","versionType":"semver","status":"affected"},{"version":"7.79.0","lessThanOrEqual":"7.79.0","versionType":"semver","status":"affected"},{"version":"7.78.0","lessThanOrEqual":"7.78.0","versionType":"semver","status":"affected"},{"version":"7.77.0","lessThanOrEqual":"7.77.0","versionType":"semver","status":"affected"},{"version":"7.76.1","lessThanOrEqual":"7.76.1","versionType":"semver","status":"affected"},{"version":"7.76.0","lessThanOrEqual":"7.76.0","versionType":"semver","status":"affected"},{"version":"7.75.0","lessThanOrEqual":"7.75.0","versionType":"semver","status":"affected"},{"version":"7.74.0","lessThanOrEqual":"7.74.0","versionType":"semver","status":"affected"},{"version":"7.73.0","lessThanOrEqual":"7.73.0","versionType":"semver","status":"affected"},{"version":"7.72.0","lessThanOrEqual":"7.72.0","versionType":"semver","status":"affected"},{"version":"7.71.1","lessThanOrEqual":"7.71.1","versionType":"semver","status":"affected"},{"version":"7.71.0","lessThanOrEqual":"7.71.0","versionType":"semver","status":"affected"},{"version":"7.70.0","lessThanOrEqual":"7.70.0","versionType":"semver","status":"affected"},{"version":"7.69.1","lessThanOrEqual":"7.69.1","versionType":"semver","status":"affected"},{"version":"7.69.0","lessThanOrEqual":"7.69.0","versionType":"semver","status":"affected"},{"version":"7.68.0","lessThanOrEqual":"7.68.0","versionType":"semver","status":"affected"},{"version":"7.67.0","lessThanOrEqual":"7.67.0","versionType":"semver","status":"affected"},{"version":"7.66.0","lessThanOrEqual":"7.66.0","versionType":"semver","status":"affected"},{"version":"7.65.3","lessThanOrEqual":"7.65.3","versionType":"semver","status":"affected"},{"version":"7.65.2","lessThanOrEqual":"7.65.2","versionType":"semver","status":"affected"},{"version":"7.65.1","lessThanOrEqual":"7.65.1","versionType":"semver","status":"affected"},{"version":"7.65.0","lessThanOrEqual":"7.65.0","versionType":"semver","status":"affected"},{"version":"7.64.1","lessThanOrEqual":"7.64.1","versionType":"semver","status":"affected"},{"version":"7.64.0","lessThanOrEqual":"7.64.0","versionType":"semver","status":"affected"},{"version":"7.63.0","lessThanOrEqual":"7.63.0","versionType":"semver","status":"affected"},{"version":"7.62.0","lessThanOrEqual":"7.62.0","versionType":"semver","status":"affected"},{"version":"7.61.1","lessThanOrEqual":"7.61.1","versionType":"semver","status":"affected"},{"version":"7.61.0","lessThanOrEqual":"7.61.0","versionType":"semver","status":"affected"},{"version":"7.60.0","lessThanOrEqual":"7.60.0","versionType":"semver","status":"affected"},{"version":"7.59.0","lessThanOrEqual":"7.59.0","versionType":"semver","status":"affected"},{"version":"7.58.0","lessThanOrEqual":"7.58.0","versionType":"semver","status":"affected"},{"version":"7.57.0","lessThanOrEqual":"7.57.0","versionType":"semver","status":"affected"},{"version":"7.56.1","lessThanOrEqual":"7.56.1","versionType":"semver","status":"affected"},{"version":"7.56.0","lessThanOrEqual":"7.56.0","versionType":"semver","status":"affected"},{"version":"7.55.1","lessThanOrEqual":"7.55.1","versionType":"semver","status":"affected"},{"version":"7.55.0","lessThanOrEqual":"7.55.0","versionType":"semver","status":"affected"},{"version":"7.54.1","lessThanOrEqual":"7.54.1","versionType":"semver","status":"affected"},{"version":"7.54.0","lessThanOrEqual":"7.54.0","versionType":"semver","status":"affected"},{"version":"7.53.1","lessThanOrEqual":"7.53.1","versionType":"semver","status":"affected"},{"version":"7.53.0","lessThanOrEqual":"7.53.0","versionType":"semver","status":"affected"},{"version":"7.52.1","lessThanOrEqual":"7.52.1","versionType":"semver","status":"affected"},{"version":"7.52.0","lessThanOrEqual":"7.52.0","versionType":"semver","status":"affected"},{"version":"7.51.0","lessThanOrEqual":"7.51.0","versionType":"semver","status":"affected"},{"version":"7.50.3","lessThanOrEqual":"7.50.3","versionType":"semver","status":"affected"},{"version":"7.50.2","lessThanOrEqual":"7.50.2","versionType":"semver","status":"affected"},{"version":"7.50.1","lessThanOrEqual":"7.50.1","versionType":"semver","status":"affected"},{"version":"7.50.0","lessThanOrEqual":"7.50.0","versionType":"semver","status":"affected"},{"version":"7.49.1","lessThanOrEqual":"7.49.1","versionType":"semver","status":"affected"},{"version":"7.49.0","lessThanOrEqual":"7.49.0","versionType":"semver","status":"affected"},{"version":"7.48.0","lessThanOrEqual":"7.48.0","versionType":"semver","status":"affected"},{"version":"7.47.1","lessThanOrEqual":"7.47.1","versionType":"semver","status":"affected"},{"version":"7.47.0","lessThanOrEqual":"7.47.0","versionType":"semver","status":"affected"},{"version":"7.46.0","lessThanOrEqual":"7.46.0","versionType":"semver","status":"affected"},{"version":"7.45.0","lessThanOrEqual":"7.45.0","versionType":"semver","status":"affected"},{"version":"7.44.0","lessThanOrEqual":"7.44.0","versionType":"semver","status":"affected"},{"version":"7.43.0","lessThanOrEqual":"7.43.0","versionType":"semver","status":"affected"},{"version":"7.42.1","lessThanOrEqual":"7.42.1","versionType":"semver","status":"affected"},{"version":"7.42.0","lessThanOrEqual":"7.42.0","versionType":"semver","status":"affected"},{"version":"7.41.0","lessThanOrEqual":"7.41.0","versionType":"semver","status":"affected"},{"version":"7.40.0","lessThanOrEqual":"7.40.0","versionType":"semver","status":"affected"},{"version":"7.39.0","lessThanOrEqual":"7.39.0","versionType":"semver","status":"affected"},{"version":"7.38.0","lessThanOrEqual":"7.38.0","versionType":"semver","status":"affected"},{"version":"7.37.1","lessThanOrEqual":"7.37.1","versionType":"semver","status":"affected"},{"version":"7.37.0","lessThanOrEqual":"7.37.0","versionType":"semver","status":"affected"},{"version":"7.36.0","lessThanOrEqual":"7.36.0","versionType":"semver","status":"affected"},{"version":"7.35.0","lessThanOrEqual":"7.35.0","versionType":"semver","status":"affected"},{"version":"7.34.0","lessThanOrEqual":"7.34.0","versionType":"semver","status":"affected"},{"version":"7.33.0","lessThanOrEqual":"7.33.0","versionType":"semver","status":"affected"},{"version":"7.32.0","lessThanOrEqual":"7.32.0","versionType":"semver","status":"affected"},{"version":"7.31.0","lessThanOrEqual":"7.31.0","versionType":"semver","status":"affected"},{"version":"7.30.0","lessThanOrEqual":"7.30.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T17:33:16.174641Z","id":"CVE-2026-8286","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.30.0","versionEndExcluding":"8.21.0","matchCriteriaId":"248C6E85-F6A2-4E75-8D49-D00FEB938FAE"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-8286.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-8286.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3718195","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3718195","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9079","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:25.620","lastModified":"2026-07-07T15:05:55.933","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libcurl had a flaw that when instructed to clear proxy authentication\ncredentials which made it not do so, leaving the old credentials around to get\nused for subsequent transfers that should not know nor use them."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"},{"version":"8.16.0","lessThanOrEqual":"8.16.0","versionType":"semver","status":"affected"},{"version":"8.15.0","lessThanOrEqual":"8.15.0","versionType":"semver","status":"affected"},{"version":"8.14.1","lessThanOrEqual":"8.14.1","versionType":"semver","status":"affected"},{"version":"8.14.0","lessThanOrEqual":"8.14.0","versionType":"semver","status":"affected"},{"version":"8.13.0","lessThanOrEqual":"8.13.0","versionType":"semver","status":"affected"},{"version":"8.12.1","lessThanOrEqual":"8.12.1","versionType":"semver","status":"affected"},{"version":"8.12.0","lessThanOrEqual":"8.12.0","versionType":"semver","status":"affected"},{"version":"8.11.1","lessThanOrEqual":"8.11.1","versionType":"semver","status":"affected"},{"version":"8.11.0","lessThanOrEqual":"8.11.0","versionType":"semver","status":"affected"},{"version":"8.10.1","lessThanOrEqual":"8.10.1","versionType":"semver","status":"affected"},{"version":"8.10.0","lessThanOrEqual":"8.10.0","versionType":"semver","status":"affected"},{"version":"8.9.1","lessThanOrEqual":"8.9.1","versionType":"semver","status":"affected"},{"version":"8.9.0","lessThanOrEqual":"8.9.0","versionType":"semver","status":"affected"},{"version":"8.8.0","lessThanOrEqual":"8.8.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:49:15.639683Z","id":"CVE-2026-9079","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"8.8.0","versionEndExcluding":"8.21.0","matchCriteriaId":"9238ECE6-3CA5-48A9-B558-DF2BC6CE04AD"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-9079.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-9079.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3750295","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3750295","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9080","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:25.713","lastModified":"2026-07-07T15:05:26.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION`\ncallback triggers a use-after-free vulnerability, where libcurl attempts to\nstore a flag using a dangling struct pointer immediately after that pointer's\nmemory has been freed."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"},{"version":"8.16.0","lessThanOrEqual":"8.16.0","versionType":"semver","status":"affected"},{"version":"8.15.0","lessThanOrEqual":"8.15.0","versionType":"semver","status":"affected"},{"version":"8.14.1","lessThanOrEqual":"8.14.1","versionType":"semver","status":"affected"},{"version":"8.14.0","lessThanOrEqual":"8.14.0","versionType":"semver","status":"affected"},{"version":"8.13.0","lessThanOrEqual":"8.13.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:54:41.919630Z","id":"CVE-2026-9080","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"8.13.0","versionEndExcluding":"8.21.0","matchCriteriaId":"C87B09EB-4326-4209-9055-93BEE0676194"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-9080.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-9080.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3749204","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3749204","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9545","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:25.807","lastModified":"2026-07-07T15:03:56.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In this scenario, libcurl first uses a proper HTTP/3 server for the initial\ntransfers, and when it makes a second transfer to the same site it has been\nreplaced by the attacker's impostor machine - without a valid certificate.\n\nWhen libcurl returns to the hostname the second time with a cached SSL session\n(`CURLOPT_SSL_SESSIONID_CACHE` is not disabled) and early data enabled (the\n`CURLSSLOPT_EARLYDATA` bit is set in `CURLOPT_SSL_OPTIONS`), libcurl might\nsend off the second request's bytes on that new connection *before* enforcing\nthe certificate verification failure. Potentially leaking sensitive\ninformation."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"},{"version":"8.16.0","lessThanOrEqual":"8.16.0","versionType":"semver","status":"affected"},{"version":"8.15.0","lessThanOrEqual":"8.15.0","versionType":"semver","status":"affected"},{"version":"8.14.1","lessThanOrEqual":"8.14.1","versionType":"semver","status":"affected"},{"version":"8.14.0","lessThanOrEqual":"8.14.0","versionType":"semver","status":"affected"},{"version":"8.13.0","lessThanOrEqual":"8.13.0","versionType":"semver","status":"affected"},{"version":"8.12.1","lessThanOrEqual":"8.12.1","versionType":"semver","status":"affected"},{"version":"8.12.0","lessThanOrEqual":"8.12.0","versionType":"semver","status":"affected"},{"version":"8.11.1","lessThanOrEqual":"8.11.1","versionType":"semver","status":"affected"},{"version":"8.11.0","lessThanOrEqual":"8.11.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:52:42.898546Z","id":"CVE-2026-9545","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"8.11.0","versionEndExcluding":"8.21.0","matchCriteriaId":"C6D1007D-3E09-4D44-993A-9ACC2316FD0A"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-9545.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-9545.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3752888","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3752888","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9546","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:25.893","lastModified":"2026-07-07T14:53:26.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in libcurl caused the HTTP `Referer:` header to persist even\nwhen explicitly cleared. While the documentation states that passing NULL to\n`CURLOPT_REFERER` suppresses the header, the option failed to clear the\ninternal state. As a result the previous referrer string was erroneously\nreused and sent in subsequent requests, potentially leaking sensitive\ninformation to unintended servers."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:51:06.094113Z","id":"CVE-2026-9546","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"8.18.0","versionEndExcluding":"8.21.0","matchCriteriaId":"6EF934FA-9E74-432D-A41E-157D65C6B539"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-9546.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-9546.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/3754343","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3754343","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9547","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-07-03T07:16:25.990","lastModified":"2026-07-07T14:52:29.503","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When a libcurl-based application performs transfers via `SCP://` or `SFTP://`\nand utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an\nuntrusted server. This vulnerability occurs when a server presents a host key\ntype that does not match the specific key type already recorded for that host\nin the `known_hosts` file. Instead of rejecting the mismatch, the callback\nmechanism fails to properly enforce the restriction, allowing the connection\nto succeed without warning and risking a potential man-in-the-middle attack."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.20.0","lessThanOrEqual":"8.20.0","versionType":"semver","status":"affected"},{"version":"8.19.0","lessThanOrEqual":"8.19.0","versionType":"semver","status":"affected"},{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"},{"version":"8.16.0","lessThanOrEqual":"8.16.0","versionType":"semver","status":"affected"},{"version":"8.15.0","lessThanOrEqual":"8.15.0","versionType":"semver","status":"affected"},{"version":"8.14.1","lessThanOrEqual":"8.14.1","versionType":"semver","status":"affected"},{"version":"8.14.0","lessThanOrEqual":"8.14.0","versionType":"semver","status":"affected"},{"version":"8.13.0","lessThanOrEqual":"8.13.0","versionType":"semver","status":"affected"},{"version":"8.12.1","lessThanOrEqual":"8.12.1","versionType":"semver","status":"affected"},{"version":"8.12.0","lessThanOrEqual":"8.12.0","versionType":"semver","status":"affected"},{"version":"8.11.1","lessThanOrEqual":"8.11.1","versionType":"semver","status":"affected"},{"version":"8.11.0","lessThanOrEqual":"8.11.0","versionType":"semver","status":"affected"},{"version":"8.10.1","lessThanOrEqual":"8.10.1","versionType":"semver","status":"affected"},{"version":"8.10.0","lessThanOrEqual":"8.10.0","versionType":"semver","status":"affected"},{"version":"8.9.1","lessThanOrEqual":"8.9.1","versionType":"semver","status":"affected"},{"version":"8.9.0","lessThanOrEqual":"8.9.0","versionType":"semver","status":"affected"},{"version":"8.8.0","lessThanOrEqual":"8.8.0","versionType":"semver","status":"affected"},{"version":"8.7.1","lessThanOrEqual":"8.7.1","versionType":"semver","status":"affected"},{"version":"8.7.0","lessThanOrEqual":"8.7.0","versionType":"semver","status":"affected"},{"version":"8.6.0","lessThanOrEqual":"8.6.0","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThanOrEqual":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.4.0","lessThanOrEqual":"8.4.0","versionType":"semver","status":"affected"},{"version":"8.3.0","lessThanOrEqual":"8.3.0","versionType":"semver","status":"affected"},{"version":"8.2.1","lessThanOrEqual":"8.2.1","versionType":"semver","status":"affected"},{"version":"8.2.0","lessThanOrEqual":"8.2.0","versionType":"semver","status":"affected"},{"version":"8.1.2","lessThanOrEqual":"8.1.2","versionType":"semver","status":"affected"},{"version":"8.1.1","lessThanOrEqual":"8.1.1","versionType":"semver","status":"affected"},{"version":"8.1.0","lessThanOrEqual":"8.1.0","versionType":"semver","status":"affected"},{"version":"8.0.1","lessThanOrEqual":"8.0.1","versionType":"semver","status":"affected"},{"version":"8.0.0","lessThanOrEqual":"8.0.0","versionType":"semver","status":"affected"},{"version":"7.88.1","lessThanOrEqual":"7.88.1","versionType":"semver","status":"affected"},{"version":"7.88.0","lessThanOrEqual":"7.88.0","versionType":"semver","status":"affected"},{"version":"7.87.0","lessThanOrEqual":"7.87.0","versionType":"semver","status":"affected"},{"version":"7.86.0","lessThanOrEqual":"7.86.0","versionType":"semver","status":"affected"},{"version":"7.85.0","lessThanOrEqual":"7.85.0","versionType":"semver","status":"affected"},{"version":"7.84.0","lessThanOrEqual":"7.84.0","versionType":"semver","status":"affected"},{"version":"7.83.1","lessThanOrEqual":"7.83.1","versionType":"semver","status":"affected"},{"version":"7.83.0","lessThanOrEqual":"7.83.0","versionType":"semver","status":"affected"},{"version":"7.82.0","lessThanOrEqual":"7.82.0","versionType":"semver","status":"affected"},{"version":"7.81.0","lessThanOrEqual":"7.81.0","versionType":"semver","status":"affected"},{"version":"7.80.0","lessThanOrEqual":"7.80.0","versionType":"semver","status":"affected"},{"version":"7.79.1","lessThanOrEqual":"7.79.1","versionType":"semver","status":"affected"},{"version":"7.79.0","lessThanOrEqual":"7.79.0","versionType":"semver","status":"affected"},{"version":"7.78.0","lessThanOrEqual":"7.78.0","versionType":"semver","status":"affected"},{"version":"7.77.0","lessThanOrEqual":"7.77.0","versionType":"semver","status":"affected"},{"version":"7.76.1","lessThanOrEqual":"7.76.1","versionType":"semver","status":"affected"},{"version":"7.76.0","lessThanOrEqual":"7.76.0","versionType":"semver","status":"affected"},{"version":"7.75.0","lessThanOrEqual":"7.75.0","versionType":"semver","status":"affected"},{"version":"7.74.0","lessThanOrEqual":"7.74.0","versionType":"semver","status":"affected"},{"version":"7.73.0","lessThanOrEqual":"7.73.0","versionType":"semver","status":"affected"},{"version":"7.72.0","lessThanOrEqual":"7.72.0","versionType":"semver","status":"affected"},{"version":"7.71.1","lessThanOrEqual":"7.71.1","versionType":"semver","status":"affected"},{"version":"7.71.0","lessThanOrEqual":"7.71.0","versionType":"semver","status":"affected"},{"version":"7.70.0","lessThanOrEqual":"7.70.0","versionType":"semver","status":"affected"},{"version":"7.69.1","lessThanOrEqual":"7.69.1","versionType":"semver","status":"affected"},{"version":"7.69.0","lessThanOrEqual":"7.69.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:47:32.456534Z","id":"CVE-2026-9547","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.69.0","versionEndExcluding":"8.21.0","matchCriteriaId":"384FD0B4-826D-4A6C-9F78-BC25B9039011"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-9547.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-9547.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3751712","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://hackerone.com/reports/3751712","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-11900","sourceIdentifier":"security@wordfence.com","published":"2026-07-03T09:16:36.613","lastModified":"2026-07-07T18:16:34.043","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the [adinserter] shortcode. This is due to the replace_ai_tags() function processing a {reusable-block-N} tag pattern that calls get_post_field('post_content', N) without verifying the requesting user's capability with current_user_can('read_post'), without restricting the post type to 'wp_block', and without checking the post status. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the full content of arbitrary posts including Private, Draft, Pending, Trashed, and password-protected posts owned by other users, by placing the shortcode in a post they own and previewing it."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"spacetime","product":"Ad Inserter – Ad Manager & AdSense Ads","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.8.16","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:04:48.926021Z","id":"CVE-2026-11900","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.13/ad-inserter.php#L10569","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.13/ad-inserter.php#L10818","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.13/ad-inserter.php#L13083","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.13/ad-inserter.php#L2101","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.16/ad-inserter.php#L10569","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.16/ad-inserter.php#L10818","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.16/ad-inserter.php#L13083","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.16/ad-inserter.php#L2101","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3591792%40ad-inserter&new=3591792%40ad-inserter&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/20f0e9ae-786b-4ba8-a6d5-92bf31ebc2c7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14613","sourceIdentifier":"secalert@redhat.com","published":"2026-07-03T16:16:55.527","lastModified":"2026-07-07T18:16:35.023","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific \"role\" can also see a list of all groups assigned to that role. The system fails to check if the administrator has permission to see those specific groups. This could allow a restricted administrator to discover \"hidden\" groups and see their details, such as internal names and custom settings, which might contain sensitive deployment information."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:15:54.932409Z","id":"CVE-2026-14613","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-14613","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496878","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-14620","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-07-03T17:16:53.620","lastModified":"2026-07-07T15:12:43.947","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any website a developer visits while the dev server is running can trigger these endpoints cross-origin with no interaction beyond the visit. An attacker can open an arbitrary existing local file in the developer's editor, including files outside the project root, and repeated requests can spawn editor processes and force recompilations that degrade the developer's machine. Patches: upgrade to webpack-dev-server 5.2.6. Workarounds: none."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"webpack-dev-server","product":"webpack-dev-server","defaultStatus":"unaffected","packageURL":"pkg:npm/webpack-dev-server","versions":[{"version":"0","lessThan":"5.2.6","versionType":"semver","status":"affected"},{"version":"5.2.6","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:54:37.670158Z","id":"CVE-2026-14620","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-352"},{"lang":"en","value":"CWE-749"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webpack.js:webpack-dev-server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.2.6","matchCriteriaId":"18354AA3-AA9C-44CC-AC11-E305120D5261"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Third Party Advisory"]},{"url":"https://github.com/webpack/webpack-dev-server/security/advisories/GHSA-f5vj-f2hx-8m93","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14631","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-07-03T18:16:24.687","lastModified":"2026-07-07T15:08:59.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught exception in the host-validation path and crashes the dev server. Impact is limited to availability of the development server, no data disclosure, no code execution. Patches: upgrade to webpack-dev-server 5.2.6. Workarounds: keep the dev server bound to localhost (the default) and do not expose it to untrusted networks."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"webpack-dev-server","product":"webpack-dev-server","defaultStatus":"unaffected","packageURL":"pkg:npm/webpack-dev-server","versions":[{"version":"0","lessThan":"5.2.6","versionType":"semver","status":"affected"},{"version":"5.2.6","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:54:04.567228Z","id":"CVE-2026-14631","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-248"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webpack.js:webpack-dev-server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.2.6","matchCriteriaId":"18354AA3-AA9C-44CC-AC11-E305120D5261"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Third Party Advisory"]},{"url":"https://github.com/webpack/webpack-dev-server/security/advisories/GHSA-m28w-2pqf-7qgj","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Mitigation","Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-58379","sourceIdentifier":"secalert@redhat.com","published":"2026-07-03T19:16:37.040","lastModified":"2026-07-07T18:16:39.700","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8/gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:13:06.904859Z","id":"CVE-2026-58379","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-58379","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2495997","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/b630f167","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/16205","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-20779","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:56.543","lastModified":"2026-07-07T18:16:35.270","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use enforcement defect that allows a valid TOTP code to be accepted more than once across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"1.5.0","lessThan":"1.26.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:02:05.918693Z","id":"CVE-2026-20779","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.3-and-1.26.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/38151","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.3","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-gx3v-q759-g323","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-gx3v-q759-g323","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-20896","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:56.660","lastModified":"2026-07-07T18:16:35.380","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.26.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:03:07.590667Z","id":"CVE-2026-20896","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.3-and-1.26.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/38151","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.3","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-f75j-4cw6-rmx4","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-f75j-4cw6-rmx4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-20909","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:56.777","lastModified":"2026-07-07T18:16:35.477","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:35:26.263983Z","id":"CVE-2026-20909","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36662","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36744","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-22547","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:56.890","lastModified":"2026-07-07T18:16:35.610","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:40:14.847970Z","id":"CVE-2026-22547","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36671","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36757","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-22874","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:57.157","lastModified":"2026-07-07T18:16:35.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.26.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:44:30.434147Z","id":"CVE-2026-22874","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.3-and-1.26.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/38059","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/38173","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.3","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-2r5c-gw76-rh3w","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-2r5c-gw76-rh3w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-24451","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:57.280","lastModified":"2026-07-07T18:16:35.970","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"1.26.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:54:08.874718Z","id":"CVE-2026-24451","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.3-and-1.26.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/38151","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.3","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-wrf9-r3h7-7x5v","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-wrf9-r3h7-7x5v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-24690","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:57.397","lastModified":"2026-07-07T18:16:36.117","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:57:50.582273Z","id":"CVE-2026-24690","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36465","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36838","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-25038","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:57.503","lastModified":"2026-07-07T18:16:36.270","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea 1.26.2 allows unauthorized users to access labels of private organizations."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"1.26.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:01:47.338786Z","id":"CVE-2026-25038","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.3-and-1.26.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/38151","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.3","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-v73x-hx65-6pf4","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-v73x-hx65-6pf4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-25712","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:57.607","lastModified":"2026-07-07T18:16:36.407","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:05:50.618787Z","id":"CVE-2026-25712","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36798","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36841","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-25714","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:57.707","lastModified":"2026-07-07T18:16:36.550","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.26.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:33:18.306661Z","id":"CVE-2026-25714","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.2/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/37118","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.2","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-8629-vc8r-5p58","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-8629-vc8r-5p58","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-25718","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:57.823","lastModified":"2026-07-07T18:16:36.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:15:33.744373Z","id":"CVE-2026-25718","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36734","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36746","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-25779","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:57.923","lastModified":"2026-07-07T18:16:36.797","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirect_to values."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.25.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:16:40.833772Z","id":"CVE-2026-25779","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36660","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36716","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-j5r2-4c8j-xc3m","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-j5r2-4c8j-xc3m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-25782","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:58.030","lastModified":"2026-07-07T18:16:36.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:19:59.416397Z","id":"CVE-2026-25782","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36664","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36689","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-26231","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:58.200","lastModified":"2026-07-07T18:16:37.077","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.26.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:44:56.666791Z","id":"CVE-2026-26231","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.2/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/37479","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/37484","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.2","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-mm7c-rhg6-qr4r","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-mm7c-rhg6-qr4r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-26232","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:58.313","lastModified":"2026-07-07T18:16:37.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:20:50.306165Z","id":"CVE-2026-26232","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36797","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36851","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-26247","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:58.417","lastModified":"2026-07-07T18:16:37.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:21:34.783006Z","id":"CVE-2026-26247","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36462","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36477","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-26292","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:58.517","lastModified":"2026-07-07T18:16:37.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 do not use the migration HTTP transport for LFS push and sync mirror operations, bypassing the configured migration transport protections for those LFS requests."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:23:15.727970Z","id":"CVE-2026-26292","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36665","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36691","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-27657","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:58.720","lastModified":"2026-07-07T18:16:37.613","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 allow a user to change another user's primary email address."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:26:20.596508Z","id":"CVE-2026-27657","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36586","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36607","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-27660","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:58.830","lastModified":"2026-07-07T18:16:37.750","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:27:04.135160Z","id":"CVE-2026-27660","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36659","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36715","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-27761","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:58.937","lastModified":"2026-07-07T18:16:37.887","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.26.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:36:41.805084Z","id":"CVE-2026-27761","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.3-and-1.26.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/38147","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.3","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-3pww-vcvm-3gmj","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-3pww-vcvm-3gmj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-27771","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:59.043","lastModified":"2026-07-07T18:16:37.980","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.26.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:32:50.774085Z","id":"CVE-2026-27771","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.2/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/37610","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.2","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-8qw8-rq86-9pc2","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-28705","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:59.683","lastModified":"2026-07-07T18:16:38.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:28:13.742574Z","id":"CVE-2026-28705","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.5/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36799","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/36839","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.5","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-28737","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:59.787","lastModified":"2026-07-07T18:16:38.223","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"1.25.0","lessThan":"1.26.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:48:02.139792Z","id":"CVE-2026-28737","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.0/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/37233","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.0","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-9cpj-qc93-vw8v","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-9cpj-qc93-vw8v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-28740","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-07-03T21:16:59.890","lastModified":"2026-07-07T18:16:38.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack Code-unit access."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.26.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:47:46.184675Z","id":"CVE-2026-28740","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.26.3-and-1.26.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/pull/38050","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.26.3","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-2m9v-5q2g-58vq","source":"88ee5874-cf24-4952-aea0-31affedb7ff2"}]}},{"cve":{"id":"CVE-2026-45488","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:00.183","lastModified":"2026-07-07T13:50:43.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T02:18:07.141975Z","id":"CVE-2026-45488","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-451"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"0C006CA1-F693-4B52-BC1A-A7B44979EAB8"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45488","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45489","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:00.307","lastModified":"2026-07-07T18:16:38.677","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Microsoft Edge (Chromium-based) Spoofing Vulnerability"}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:47:20.441855Z","id":"CVE-2026-45489","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-290"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"0C006CA1-F693-4B52-BC1A-A7B44979EAB8"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45489","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55945","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:00.550","lastModified":"2026-07-07T13:31:43.910","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Edge (Chromium-based) allows an authorized attacker to disclose information locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T12:37:16.525115Z","id":"CVE-2026-55945","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"0C006CA1-F693-4B52-BC1A-A7B44979EAB8"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55945","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56645","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:00.670","lastModified":"2026-07-07T13:45:19.933","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-56645","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56645","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56646","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:00.783","lastModified":"2026-07-07T13:44:42.013","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:17:11.669950Z","id":"CVE-2026-56646","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56646","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57974","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:00.957","lastModified":"2026-07-07T13:43:32.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-57974","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57974","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57975","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:01.077","lastModified":"2026-07-07T13:42:46.433","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-57975","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57975","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57977","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:01.193","lastModified":"2026-07-07T13:14:18.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:32:26.892713Z","id":"CVE-2026-57977","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57977","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57981","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:01.313","lastModified":"2026-07-07T15:12:44.373","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-57981","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"0C006CA1-F693-4B52-BC1A-A7B44979EAB8"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57981","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57983","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:01.433","lastModified":"2026-07-07T15:15:02.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-57983","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"0C006CA1-F693-4B52-BC1A-A7B44979EAB8"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57983","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57984","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:01.550","lastModified":"2026-07-07T15:17:01.677","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-57984","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"0C006CA1-F693-4B52-BC1A-A7B44979EAB8"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57984","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57985","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:01.663","lastModified":"2026-07-07T15:22:29.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-57985","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"0C006CA1-F693-4B52-BC1A-A7B44979EAB8"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57985","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57986","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:01.780","lastModified":"2026-07-07T12:50:49.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-57986","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57986","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57987","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:01.903","lastModified":"2026-07-07T12:44:32.567","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:29:44.480010Z","id":"CVE-2026-57987","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57987","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57988","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:02.023","lastModified":"2026-07-07T12:43:36.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-57988","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57988","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57991","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:02.180","lastModified":"2026-07-07T12:43:02.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T11:31:12.247561Z","id":"CVE-2026-57991","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57991","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57992","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:02.310","lastModified":"2026-07-07T12:41:39.633","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-57992","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57992","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58287","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:03.413","lastModified":"2026-07-07T12:40:42.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-58287","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58287","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58289","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:03.640","lastModified":"2026-07-07T12:40:04.297","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-58289","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58289","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58290","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:03.770","lastModified":"2026-07-07T14:16:33.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":5.3}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:55:38.605549Z","id":"CVE-2026-58290","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58290","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58292","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:04.013","lastModified":"2026-07-07T12:37:27.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":5.3}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-58292","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58292","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58293","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:04.143","lastModified":"2026-07-07T12:36:37.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-58293","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58293","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58294","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:04.293","lastModified":"2026-07-07T12:33:42.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-58294","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58294","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58295","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:04.417","lastModified":"2026-07-07T12:32:13.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:25:52.899779Z","id":"CVE-2026-58295","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58295","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58296","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:04.547","lastModified":"2026-07-07T14:49:01.677","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:16:33.996722Z","id":"CVE-2026-58296","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-359"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"0C006CA1-F693-4B52-BC1A-A7B44979EAB8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58296","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58297","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:04.663","lastModified":"2026-07-07T14:48:05.723","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:44:53.834884Z","id":"CVE-2026-58297","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-359"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"0C006CA1-F693-4B52-BC1A-A7B44979EAB8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58297","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58298","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:04.790","lastModified":"2026-07-07T14:50:40.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T02:19:59.403940Z","id":"CVE-2026-58298","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:-:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"48F2BF1A-3594-4AC0-B74D-FA7BF3259AC4"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58298","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58299","sourceIdentifier":"secure@microsoft.com","published":"2026-07-03T21:17:04.907","lastModified":"2026-07-07T14:42:37.003","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Edge (Chromium-based)","versions":[{"version":"1.0.0.0","lessThan":"150.0.4078.48","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-58299","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*","versionEndExcluding":"150.0.4078.48","matchCriteriaId":"0C006CA1-F693-4B52-BC1A-A7B44979EAB8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58299","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-71364","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-04T02:16:22.583","lastModified":"2026-07-07T18:16:33.800","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when loaded."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.30","versionType":"semver","status":"affected"},{"version":"0.0.30","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T20:24:26.604494Z","id":"CVE-2025-71364","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-q77w-mwjj-7mqx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-undetected-asyncio-unix-events-unixsubprocesstransport-start","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-q77w-mwjj-7mqx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71375","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-04T02:16:23.347","lastModified":"2026-07-07T18:16:33.920","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load()."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.34","versionType":"semver","status":"affected"},{"version":"0.0.34","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:41:08.574461Z","id":"CVE-2025-71375","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-955r-x9j8-7rhh","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-undetected-remote-code-execution-via-operator-methodcaller","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-955r-x9j8-7rhh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-14798","sourceIdentifier":"cna@vuldb.com","published":"2026-07-06T06:16:27.513","lastModified":"2026-07-07T15:16:43.057","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en el sistema de gestión de visitantes de CodeAstro Apartment 1.0. Este problema afecta a un proceso desconocido del archivo /apartment-visitor/visitor-entry.php. La manipulación del argumento visname da lugar a una inyección SQL. El ataque puede iniciarse de forma remota. El código de explotación está disponible públicamente y podría utilizarse."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"CodeAstro","product":"Apartment Visitor Management System","cpes":["cpe:2.3:a:codeastro:apartment_visitor_management_system:*:*:*:*:*:*:*:*"],"versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:58:52.114727Z","id":"CVE-2026-14798","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://codeastro.com/","source":"cna@vuldb.com"},{"url":"https://github.com/lilukun337/cve/issues/10","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-14798","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850852","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/376392","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/376392/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-24012","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:35.037","lastModified":"2026-07-07T17:53:36.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Resource Consumption vulnerability in Apache IoTDB. \n\nSome interface fails to impose reasonable\nlimits on the time span and aggregation interval of the query. An attacker\ncan construct a request with extreme parameters (e.g., a very large time\nrange combined with a minimal interval). This forces the DataNode to build\nan enormous result set in memory, which exhausts the Java heap and causes\nthe DataNode process to crash.\n\nThis issue affects Apache IoTDB: from 1.3.3 before 2.0.8.\n\nUsers are recommended to upgrade to version 2.0.8, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.3.3","lessThan":"2.0.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T12:59:08.459706Z","id":"CVE-2026-24012","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.3","versionEndExcluding":"2.0.8","matchCriteriaId":"A5DB00CF-13B9-44F8-9F24-70DFE24EB18E"}]}]}],"references":[{"url":"https://lists.apache.org/thread/0g5th1t2vj6j8hm5t9w3xh9n6f6ht9z8","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/06/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24013","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:35.163","lastModified":"2026-07-07T17:50:26.877","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass by Spoofing vulnerability in Apache IoTDB.\nCertain Thrift RPC query handlers lack strict validation of the sessionId\nparameter. An attacker can construct requests with a forged sessionId and,\nwithout performing openSession authentication, receive valid query results.\nThis allows authentication bypass and unauthorized reading of time-series\ndata.\n\n\nThis issue affects Apache IoTDB: from 1.3.3 before 2.0.8.\n\nUsers are recommended to upgrade to version 2.0.8, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.3.3","lessThan":"2.0.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:10:47.800876Z","id":"CVE-2026-24013","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.3","versionEndExcluding":"2.0.8","matchCriteriaId":"A5DB00CF-13B9-44F8-9F24-70DFE24EB18E"}]}]}],"references":[{"url":"https://lists.apache.org/thread/6pwkgnqhbm56mvn309f87snm84s0b75y","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/06/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24014","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:35.270","lastModified":"2026-07-07T17:49:04.433","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name to write files outside the intended Trigger installation directory. This could allow arbitrary file write with the permissions of the IoTDB process.\n\nThis issue affects Apache IoTDB: from 1.3.3 before 2.0.8.\n\nUsers are recommended to upgrade to version 2.0.8, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.3.3","lessThan":"2.0.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:08:49.734562Z","id":"CVE-2026-24014","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.3","versionEndExcluding":"2.0.8","matchCriteriaId":"A5DB00CF-13B9-44F8-9F24-70DFE24EB18E"}]}]}],"references":[{"url":"https://lists.apache.org/thread/38298f803gb5j9nlhf0l9zkf34o90h3m","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/06/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-40859","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:35.520","lastModified":"2026-07-07T17:40:09.207","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in Apache Camel.\n\nThe camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter (VertxHttpHelper.deserializeJavaObjectFromStream) This deserialization path is reached only when the producer endpoint is configured with transferException=true (or the component-level allowJavaSerializedObject=true) and throwExceptionOnFailure is left at its default value of true; in that case a backend HTTP response with a 5xx status and the application/x-java-serialized-object content type has its body deserialized with no class restrictions. An attacker who controls the backend the Camel producer talks to - through a man-in-the-middle position on an unencrypted (plain HTTP) connection, or by compromising the backend service - can return a crafted serialized Java object and, if a suitable gadget chain is present on the classpath, achieve remote code execution on the Camel application host. The path is not reachable in the default configuration, where transferException is false.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.20.0.\n\nUsers are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, the deserialization performed by both helper utilities is constrained by a default ObjectInputFilter (allow-list java.**;javax.**;org.apache.camel.**;!*), which can be customised through the new deserializationFilter endpoint option or the JVM-wide -Djdk.serialFilter system property. For deployments that cannot upgrade immediately: do not enable transferException=true (or allowJavaSerializedObject=true) on producers that talk to untrusted or network-reachable backends; ensure producer connections use TLS (https) so that a response cannot be substituted by a man-in-the-middle; and, where the option is required, set an explicit -Djdk.serialFilter allow-list (for example java.**;org.apache.camel.**;!*) to constrain deserialization."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-vertx-http","versions":[{"version":"4.0.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.20.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:47:48.609198Z","id":"CVE-2026-40859","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:4.19.0:*:*:*:*:*:*:*","matchCriteriaId":"EDA4D206-8808-4D2A-873E-8488DD7E3E16"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-40859.html","source":"security@apache.org","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-15668","sourceIdentifier":"cna@vuldb.com","published":"2026-07-06T12:16:39.630","lastModified":"2026-07-07T15:16:41.887","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd_del_entry of the file src/isomedia/box_code_base.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is f29f955f2a3b5e8e507caad3e52319f961bf37bf. It is advisable to implement a patch to correct this issue."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"GPAC","cpes":["cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*"],"modules":["MP4Box"],"versions":[{"version":"b40ce70f5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:02:34.286901Z","id":"CVE-2025-15668","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/TimChan2001/pocs/raw/refs/heads/main/poc-gpac-0","source":"cna@vuldb.com"},{"url":"https://github.com/gpac/gpac/","source":"cna@vuldb.com"},{"url":"https://github.com/gpac/gpac/commit/f29f955f2a3b5e8e507caad3e52319f961bf37bf","source":"cna@vuldb.com"},{"url":"https://github.com/gpac/gpac/issues/3398","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2025-15668","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/846851","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/376293","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/376293/cti","source":"cna@vuldb.com"},{"url":"https://github.com/gpac/gpac/issues/3398","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59152","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T16:16:37.413","lastModified":"2026-07-07T16:16:41.340","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deployed, triggering a read may not require authentication. Retrieving the contents requires read access to the LangSmith workspace the traces are sent to. The net effect is a trust-boundary crossing: a party with workspace trace-read access (for example a low-privilege workspace member, a contractor, or a compromised teammate account) gains the ability to read files from any server running TracingMiddleware, a capability outside that workspace's intended trust boundary. This vulnerability is fixed in 0.8.18."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langchain-ai","product":"langsmith-sdk","versions":[{"version":"< 0.8.18","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:17:33.429942Z","id":"CVE-2026-59152","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-843"}]}],"references":[{"url":"https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-f4xh-w4cj-qxq8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59194","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T16:16:37.550","lastModified":"2026-07-07T19:08:57.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pnpm","product":"pnpm","versions":[{"version":"< 10.34.4","status":"affected"},{"version":">= 11.0.0, < 11.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:42:34.727360Z","id":"CVE-2026-59194","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*","versionEndExcluding":"10.34.4","matchCriteriaId":"D09BE91F-1A74-4A92-ACEA-0133AC22ABB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.7.0","matchCriteriaId":"A3462BD2-12EE-4BE7-8062-B6F27B1872D6"}]}]}],"references":[{"url":"https://github.com/pnpm/pnpm/security/advisories/GHSA-72r4-9c5j-mj57","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-59195","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T16:16:37.683","lastModified":"2026-07-07T19:09:30.490","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under node_modules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml whose env-lockfile document contains a traversal-shaped config dependency name. During pnpm install, pnpm installs the config dependency and creates a symlink at a path derived from that name. This vulnerability is fixed in 10.34.4 and 11.8.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pnpm","product":"pnpm","versions":[{"version":"< 10.34.4","status":"affected"},{"version":">= 11.0.0, < 11.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:05:42.723792Z","id":"CVE-2026-59195","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*","versionEndExcluding":"10.34.4","matchCriteriaId":"D09BE91F-1A74-4A92-ACEA-0133AC22ABB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.8.0","matchCriteriaId":"63B23A95-A23B-436C-A319-73FD1454AFC8"}]}]}],"references":[{"url":"https://github.com/pnpm/pnpm/security/advisories/GHSA-qrv3-253h-g69c","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/pnpm/pnpm/security/advisories/GHSA-qrv3-253h-g69c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59196","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T16:16:37.810","lastModified":"2026-07-07T19:09:15.120","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout.  This vulnerability is fixed in 10.34.4 and 11.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pnpm","product":"pnpm","versions":[{"version":"< 10.34.4","status":"affected"},{"version":">= 11.0.0, < 11.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:40:26.718598Z","id":"CVE-2026-59196","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*","versionEndExcluding":"10.34.4","matchCriteriaId":"D09BE91F-1A74-4A92-ACEA-0133AC22ABB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.7.0","matchCriteriaId":"A3462BD2-12EE-4BE7-8062-B6F27B1872D6"}]}]}],"references":[{"url":"https://github.com/pnpm/pnpm/security/advisories/GHSA-fr4h-3cph-29xv","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-40138","sourceIdentifier":"13061848-ea10-403d-bd75-c83a022c2891","published":"2026-07-06T17:16:30.793","lastModified":"2026-07-07T16:16:38.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled"}],"affected":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","affectedData":[{"vendor":"BeyondTrust","product":"Remote Support","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"25.3.2","versionType":"custom","status":"affected"}]},{"vendor":"BeyondTrust","product":"Privileged Remote Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"25.3.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-40138","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*","versionEndExcluding":"25.3.3","matchCriteriaId":"79807D69-2935-4EC4-B34F-3BBFCE1D6EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*","versionEndExcluding":"25.3.3","matchCriteriaId":"91823A93-2793-4FA6-AB9B-60E62102AE0E"}]}]}],"references":[{"url":"https://www.beyondtrust.com/trust-center/security-advisories/bt26-03","source":"13061848-ea10-403d-bd75-c83a022c2891","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40139","sourceIdentifier":"13061848-ea10-403d-bd75-c83a022c2891","published":"2026-07-06T17:16:30.920","lastModified":"2026-07-07T18:39:48.160","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled."}],"affected":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","affectedData":[{"vendor":"BeyondTrust","product":"Remote Support","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"25.3.2","versionType":"custom","status":"affected"}]},{"vendor":"BeyondTrust","product":"Privileged Remote Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"25.3.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-40139","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*","versionEndExcluding":"25.3.3","matchCriteriaId":"79807D69-2935-4EC4-B34F-3BBFCE1D6EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*","versionEndExcluding":"25.3.3","matchCriteriaId":"91823A93-2793-4FA6-AB9B-60E62102AE0E"}]}]}],"references":[{"url":"https://www.beyondtrust.com/trust-center/security-advisories/bt26-03","source":"13061848-ea10-403d-bd75-c83a022c2891","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40140","sourceIdentifier":"13061848-ea10-403d-bd75-c83a022c2891","published":"2026-07-06T17:16:31.030","lastModified":"2026-07-07T18:40:15.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability."}],"affected":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","affectedData":[{"vendor":"BeyondTrust","product":"Remote Support","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"25.3.2","versionType":"custom","status":"affected"}]},{"vendor":"BeyondTrust","product":"Privileged Remote Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"25.3.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:55:25.321625Z","id":"CVE-2026-40140","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*","versionEndExcluding":"25.3.3","matchCriteriaId":"79807D69-2935-4EC4-B34F-3BBFCE1D6EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*","versionEndExcluding":"25.3.3","matchCriteriaId":"91823A93-2793-4FA6-AB9B-60E62102AE0E"}]}]}],"references":[{"url":"https://www.beyondtrust.com/trust-center/security-advisories/bt26-03","source":"13061848-ea10-403d-bd75-c83a022c2891","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40141","sourceIdentifier":"13061848-ea10-403d-bd75-c83a022c2891","published":"2026-07-06T17:16:31.143","lastModified":"2026-07-07T18:43:46.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions."}],"affected":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","affectedData":[{"vendor":"BeyondTrust","product":"Remote Support","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"25.3.2","versionType":"custom","status":"affected"}]},{"vendor":"BeyondTrust","product":"Privilege Remote Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"25.3.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:55:59.570650Z","id":"CVE-2026-40141","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"13061848-ea10-403d-bd75-c83a022c2891","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*","versionEndExcluding":"25.3.3","matchCriteriaId":"79807D69-2935-4EC4-B34F-3BBFCE1D6EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*","versionEndExcluding":"25.3.3","matchCriteriaId":"91823A93-2793-4FA6-AB9B-60E62102AE0E"}]}]}],"references":[{"url":"https://www.beyondtrust.com/trust-center/security-advisories/bt26-03","source":"13061848-ea10-403d-bd75-c83a022c2891","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40257","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T17:16:31.253","lastModified":"2026-07-07T18:56:50.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error that can cause a massive heap overflow that corrupts all TEE kernel memory following the hash state. This affects all platforms built with `CFG_CRYPTO_WITH_CE82=y` (ARMv8.2+ with SHA3 Crypto Extensions). Version 4.11.0 contains a patch. As a workaround, disable SHA3 Crypto Extensions with `CFG_CRYPTO_WITH_CE82=n`."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OP-TEE","product":"optee_os","versions":[{"version":">= 3.21.0, < 4.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:57:28.891502Z","id":"CVE-2026-40257","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*","versionStartIncluding":"3.21.0","versionEndIncluding":"4.10.0","matchCriteriaId":"C9D819B8-1780-4240-BF51-0FC2FF483CCD"}]}]}],"references":[{"url":"https://github.com/OP-TEE/optee_os/security/advisories/GHSA-75x4-j8p9-55qv","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12154","sourceIdentifier":"security@wordfence.com","published":"2026-07-06T18:16:36.670","lastModified":"2026-07-07T15:16:42.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_id' shortcode attribute of the [fbrev] shortcode in versions up to and including 2.7.3. This is due to insufficient input sanitization and output escaping in the Feed_Shortcode::fbrev() method, which passes the raw shortcode attribute through Feed_Old::get_feed() into the View::render() method, where it is echoed directly into the data-id HTML attribute without esc_attr(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"widgetpack","product":"Reviews Widgets for Google, TripAdvisor, Yelp & Recommendations","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.7.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:06:53.473541Z","id":"CVE-2026-12154","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/fb-reviews-widget/tags/2.7.3/includes/class-feed-old.php#L55","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fb-reviews-widget/tags/2.7.3/includes/class-feed-shortcode.php#L57","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/fb-reviews-widget/tags/2.7.3/includes/class-view.php#L36","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3593292%40fb-reviews-widget&old=3451654%40fb-reviews-widget&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86fbc499-dca3-41da-a6ef-8e97d7e46d0e?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-41434","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T18:16:43.923","lastModified":"2026-07-07T18:53:03.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS#11 TA. Version 4.11.0 contains a patch. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OP-TEE","product":"optee_os","versions":[{"version":">= 3.10.0, < 4.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:06:00.668878Z","id":"CVE-2026-41434","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.0","versionEndIncluding":"4.10.0","matchCriteriaId":"42D16C4D-A10A-4435-90BC-EB6A8C81E7BD"}]}]}],"references":[{"url":"https://github.com/OP-TEE/optee_os/security/advisories/GHSA-wh38-23ff-grff","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54059","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T19:17:08.127","lastModified":"2026-07-07T18:58:26.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"python-pillow","product":"Pillow","versions":[{"version":"< 12.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:44:18.151665Z","id":"CVE-2026-54059","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*","versionEndExcluding":"12.3.0","matchCriteriaId":"6372231F-529B-45CD-978E-3F2AEFF5F95C"}]}]}],"references":[{"url":"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-8v84-f9pq-wr9x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54060","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T19:17:08.270","lastModified":"2026-07-07T18:58:45.827","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new(\"1\", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"python-pillow","product":"Pillow","versions":[{"version":"< 12.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:07:46.646415Z","id":"CVE-2026-54060","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*","versionEndExcluding":"12.3.0","matchCriteriaId":"6372231F-529B-45CD-978E-3F2AEFF5F95C"}]}]}],"references":[{"url":"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-5x94-69rx-g8h2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55379","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T19:17:08.577","lastModified":"2026-07-07T18:59:01.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow's documented decompression bomb protection and allowing excessive memory allocation. This issue is fixed in version 12.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"python-pillow","product":"Pillow","versions":[{"version":"< 12.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:16:56.631649Z","id":"CVE-2026-55379","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*","versionEndExcluding":"12.3.0","matchCriteriaId":"6372231F-529B-45CD-978E-3F2AEFF5F95C"}]}]}],"references":[{"url":"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/python-pillow/Pillow/commit/0a263e6264aa5399988d9acd3bbfbca2ca3ec77d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-45hq-cxwh-f6vc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55380","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T19:17:08.703","lastModified":"2026-07-07T18:58:54.647","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"python-pillow","product":"Pillow","versions":[{"version":"< 12.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:23:03.405538Z","id":"CVE-2026-55380","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*","versionEndExcluding":"12.3.0","matchCriteriaId":"6372231F-529B-45CD-978E-3F2AEFF5F95C"}]}]}],"references":[{"url":"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/python-pillow/Pillow/commit/f39b0ae6624eb2d7c5c5d651d9bb5fdbd96a8675","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-phj9-mv4w-65pm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55798","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T19:17:08.830","lastModified":"2026-07-07T18:58:33.570","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen(..., shell=True), allowing shell metacharacters in the file path to inject arbitrary cmd.exe commands. This issue is fixed in version 12.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"python-pillow","product":"Pillow","versions":[{"version":"< 12.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:19:30.348707Z","id":"CVE-2026-55798","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*","versionEndExcluding":"12.3.0","matchCriteriaId":"6372231F-529B-45CD-978E-3F2AEFF5F95C"}]}]}],"references":[{"url":"https://github.com/python-pillow/Pillow/blob/main/docs/releasenotes/12.3.0.rst","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/python-pillow/Pillow/commit/8404ea5fe5df40fc34aa1e51403dd6fce0778b8a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/python-pillow/Pillow/commit/88194166691b7b603529b8b036ab3ab9cedd2de4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/python-pillow/Pillow/commit/b0e06caa64c1405aa3da0bb1d2bd9a77ca22de7f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-4x4j-2g7c-83w6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14898","sourceIdentifier":"8f4f43ab-ba69-4d92-aa1d-d772184d6fb7","published":"2026-07-06T20:16:30.580","lastModified":"2026-07-07T16:16:37.877","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image URL containing sensitive data. The app automatically fetched that URL when rendering the response, sending the embedded data to an attacker-controlled server without a separate user click. Successful exploitation could exfiltrate secrets and other information accessible in the Codex session, including API keys, source code, and data returned by connected tools. No direct integrity or availability impact was demonstrated, and there is no known exploitation in the wild."}],"affected":[{"source":"8f4f43ab-ba69-4d92-aa1d-d772184d6fb7","affectedData":[{"vendor":"OpenAI","product":"Codex desktop app for macOS","versions":[{"version":"0","lessThan":"26.527.31326","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:35:10.010319Z","id":"CVE-2026-14898","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"8f4f43ab-ba69-4d92-aa1d-d772184d6fb7","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://openai.com/codex/","source":"8f4f43ab-ba69-4d92-aa1d-d772184d6fb7"}]}},{"cve":{"id":"CVE-2026-41514","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T20:16:31.917","lastModified":"2026-07-07T18:50:58.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses non-constant-time `memcmp()` for label hash verification and has multiple distinguishable error paths. This creates a Manger-style padding oracle that allows an attacker to recover RSA-OAEP plaintext with approximately 1000-2000 adaptive chosen ciphertext queries. Only affects plat-d06 with `CFG_HISILICON_ACC_V3=y`, which seems to be disabled by default. Version 4.11.0 contains a patch. As a workaround, disable Hisilicon HPRE RSA driver with `CFG_HISILICON_ACC_V3=n`."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OP-TEE","product":"optee_os","versions":[{"version":">= 4.5.0, < 4.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:45:05.770597Z","id":"CVE-2026-41514","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndIncluding":"4.10.0","matchCriteriaId":"8B93151E-CC12-4D48-8C7F-FE2EF4FF519E"}]}]}],"references":[{"url":"https://github.com/OP-TEE/optee_os/security/advisories/GHSA-qw4r-9wj9-q23r","source":"security-advisories@github.com","tags":["Vendor Advisory","Mitigation","Patch"]}]}},{"cve":{"id":"CVE-2026-41515","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T20:16:32.060","lastModified":"2026-07-07T18:54:35.227","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses non-constant-time `memcmp()` for label hash verification and has multiple distinguishable error paths. This creates a Manger-style padding oracle that allows an attacker to recover RSA-OAEP plaintext with approximately 1000-2000 adaptive chosen ciphertext queries. Version 4.11.0 contains a patch. As a workaround, disable the NXP CAAM RSA driver with `CFG_CRYPTO_DRV_RSA=n`."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OP-TEE","product":"optee_os","versions":[{"version":">= 3.9.0, < 4.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:09:21.542493Z","id":"CVE-2026-41515","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndIncluding":"4.10.0","matchCriteriaId":"1C945726-800A-493F-93B5-2899E739C4DF"}]}]}],"references":[{"url":"https://github.com/OP-TEE/optee_os/security/advisories/GHSA-5q45-58r5-cq4g","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-41516","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T20:16:32.197","lastModified":"2026-07-07T18:56:37.570","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS#1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver uses non-constant-time `memcmp()` for label hash verification and has multiple distinguishable error paths. This creates a Bleichenbacher-style padding oracle that allows an attacker to recover RSA PKCS#1 v1.5  plaintext. Version 4.11.0 contains a patch. As a workaround, disable Hisilicon HPRE RSA driver with `CFG_HISILICON_ACC_V3=n`."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OP-TEE","product":"optee_os","versions":[{"version":">= 4.5.0, < 4.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:47:50.040845Z","id":"CVE-2026-41516","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndIncluding":"4.10.0","matchCriteriaId":"8B93151E-CC12-4D48-8C7F-FE2EF4FF519E"}]}]}],"references":[{"url":"https://github.com/OP-TEE/optee_os/security/advisories/GHSA-wxp6-8wwr-h4gf","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory","Exploit","Patch"]}]}},{"cve":{"id":"CVE-2026-42546","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T20:16:33.257","lastModified":"2026-07-07T18:56:18.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the function `cleanup_shm_refs()` in `core/tee/entry_std.c`  fails to apply a required bitmask (`OPTEE_MSG_ATTR_TYPE_MASK`) to parameter attributes. When processing non-contiguous memory parameters from a normal-world caller, the system fails to match the attribute type in its internal switch statement and skips the necessary mobj_put() call. This results in a persistent reference leak of `mobj_reg_shm` objects, which remain on internal lists with dangling refcounts. This affects non-FF-A configurations that support non-contiguous, non-secure shared memory. Over time, these accumulated leaks progressively consume the secure-world heap, degrading the system's ability to service trusted application operations and eventually requiring a reboot to recover. Version 4.11.0 contains a patch. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OP-TEE","product":"optee_os","versions":[{"version":">= 3.3.0, < 4.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.0,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T20:50:39.850245Z","id":"CVE-2026-42546","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndIncluding":"4.10.0","matchCriteriaId":"8523949E-5FB1-4A9C-9296-F28C82372677"}]}]}],"references":[{"url":"https://github.com/OP-TEE/optee_os/security/advisories/GHSA-c7j8-fgqw-rcgp","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44362","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T20:16:33.950","lastModified":"2026-07-07T18:55:08.020","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked or older subkey versions because the system fails to propagate versioning data during the Trusted Application (TA) loading process. In `core/crypto/signed_hdr.c`, the function `shdr_load_pub_key()` parses subkey headers but does not assign the `subkey_version` to the runtime `shdr_pub_key` structure. As a result, the `key->version` field remains at zero regardless of the version specified in the header. When `ree_fs_ta_open()` in `core/kernel/ree_fs_ta.c` calls `check_update_version()`, it passes this zeroed version to the rollback database. Because the database never receives a non-zero version to record, it never advances, effectively bypassing the rollback check and allowing TAs signed with downgraded subkey chains to load successfully. This impacts OP-TEE mainline configurations that utilize subkey-based signing chains for Trusted Application (TA) authentication. Version 4.11.0 contains a patch. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OP-TEE","product":"optee_os","versions":[{"version":">= 3.20.0, < 4.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T20:51:43.694755Z","id":"CVE-2026-44362","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*","versionStartIncluding":"3.20.0","versionEndIncluding":"4.10.0","matchCriteriaId":"D8F56A2E-B76A-4B45-AF68-2036283D85D6"}]}]}],"references":[{"url":"https://github.com/OP-TEE/optee_os/security/advisories/GHSA-fhcg-pp56-8v75","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53763","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T20:16:37.327","lastModified":"2026-07-07T18:53:34.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the authentication tag to be computed with incorrect bit-length values after processing more than 512 megabytes of payload or Additional Authenticated Data (AAD). Version 4.11.0 contains a patch. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OP-TEE","product":"optee_os","versions":[{"version":">= 3.0.0, < 4.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:10:42.847861Z","id":"CVE-2026-53763","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"4.10.0","matchCriteriaId":"388BEF1F-1613-4750-B978-8B551997EEB6"}]}]}],"references":[{"url":"https://github.com/OP-TEE/optee_os/security/advisories/GHSA-fcm8-vjhf-6vqh","source":"security-advisories@github.com","tags":["Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-55646","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T20:16:37.663","lastModified":"2026-07-07T19:04:45.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read() to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLM_MAX_AUDIO_CLIP_FILESIZE_MB compressed upload size limit (default 25 MB) later in the speech-to-text preprocessing step, so an API caller who can reach those routes can submit an oversized multipart upload and cause vLLM to allocate memory proportional to the uploaded file size before the request is rejected as too large, creating memory pressure or terminating the process depending on deployment resource limits. This issue is fixed in version 0.24.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":">= 0.22.0, < 0.24.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:49:41.180992Z","id":"CVE-2026-55646","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.22.0","versionEndExcluding":"0.24.0","matchCriteriaId":"D7860DB8-F910-4CD7-92D1-4775DA105A7F"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/b997071ec493765abbed990c65843ed05e4708a8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/pull/45510","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-v82g-2437-67m2","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-v82g-2437-67m2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-59615","sourceIdentifier":"product-security@qualcomm.com","published":"2026-07-06T21:16:52.077","lastModified":"2026-07-07T17:03:12.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization."}],"affected":[{"source":"product-security@qualcomm.com","affectedData":[{"vendor":"Qualcomm, Inc.","product":"Snapdragon","defaultStatus":"unaffected","platforms":["Snapdragon CCW","Snapdragon Compute","Snapdragon Consumer IOT","Snapdragon MC","Snapdragon Mobile"],"versions":[{"version":"FastConnect 6700","status":"affected"},{"version":"FastConnect 6900","status":"affected"},{"version":"FastConnect 7800","status":"affected"},{"version":"Molokai","status":"affected"},{"version":"Orne","status":"affected"},{"version":"Pandeiro","status":"affected"},{"version":"QCM5430","status":"affected"},{"version":"QCM6490","status":"affected"},{"version":"QLN1083BD","status":"affected"},{"version":"QLN1086BD","status":"affected"},{"version":"QMP1000","status":"affected"},{"version":"QMP2001","status":"affected"},{"version":"QPA1083BD","status":"affected"},{"version":"QPA1086BD","status":"affected"},{"version":"Qualcomm Video Collaboration VC3 Platform","status":"affected"},{"version":"QXM1093","status":"affected"},{"version":"QXM1094","status":"affected"},{"version":"QXM1095","status":"affected"},{"version":"QXM1096","status":"affected"},{"version":"SC8380XP","status":"affected"},{"version":"SD865 5G","status":"affected"},{"version":"SM6850","status":"affected"},{"version":"SM8845P","status":"affected"},{"version":"Snapdragon 460 Mobile Platform","status":"affected"},{"version":"Snapdragon 662 Mobile Platform","status":"affected"},{"version":"Snapdragon 8 Elite Gen 5","status":"affected"},{"version":"Snapdragon AR1 Gen 1 Platform","status":"affected"},{"version":"Snapdragon XR2 5G Platform","status":"affected"},{"version":"Snapdragon XR2+ Gen 1 Platform","status":"affected"},{"version":"SXR2230P","status":"affected"},{"version":"SXR2250P","status":"affected"},{"version":"SXR2330P","status":"affected"},{"version":"SXR2350P","status":"affected"},{"version":"WCD9370","status":"affected"},{"version":"WCD9375","status":"affected"},{"version":"WCD9378","status":"affected"},{"version":"WCD9380","status":"affected"},{"version":"WCD9385","status":"affected"},{"version":"WCD9395","status":"affected"},{"version":"WCN3950","status":"affected"},{"version":"WCN3988","status":"affected"},{"version":"WCN6450","status":"affected"},{"version":"WCN7760","status":"affected"},{"version":"WCN7860","status":"affected"},{"version":"WCN7861","status":"affected"},{"version":"WCN7880","status":"affected"},{"version":"WCN7881","status":"affected"},{"version":"WSA8810","status":"affected"},{"version":"WSA8815","status":"affected"},{"version":"WSA8830","status":"affected"},{"version":"WSA8832","status":"affected"},{"version":"WSA8835","status":"affected"},{"version":"WSA8840","status":"affected"},{"version":"WSA8845","status":"affected"},{"version":"WSA8845H","status":"affected"},{"version":"WSA8850","status":"affected"},{"version":"WSA8850W","status":"affected"},{"version":"WSA8855C","status":"affected"},{"version":"XRV7209","status":"affected"},{"version":"XRV9209","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":0.8,"impactScore":5.3},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:56:22.792067Z","id":"CVE-2025-59615","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@qualcomm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"82B82E87-F3F4-466F-A76B-C8809121FF6F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*","matchCriteriaId":"419A132E-E42C-4395-B74B-788A39DF1D13"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:molokai_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"27BCE022-2E7D-4F41-B8EF-6B2F906F75E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:molokai:-:*:*:*:*:*:*:*","matchCriteriaId":"4864D493-47A8-4389-9D9A-2ED5B995EF27"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:orne_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"19FB8345-BBFC-4E18-A4E6-64A159D7F65B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:orne:-:*:*:*:*:*:*:*","matchCriteriaId":"FFDA4056-3F1B-4F3A-BE59-1908BD3DE5E9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:pandeiro_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"23F8EF0C-BB48-47E1-A045-254D79388F75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:pandeiro:-:*:*:*:*:*:*:*","matchCriteriaId":"058950FC-ED72-4E91-AE13-87E738ADC083"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4EC5F81B-AA24-4E3C-9FC8-53E010AC977E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*","matchCriteriaId":"B5C66DAD-0D85-46B8-92D7-6D68B9429E9A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ADD6D51E-5787-42A6-8A02-4EBBAFFF9C94"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*","matchCriteriaId":"99AA0291-B822-4CAD-BA17-81B632FC3FEF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qln1083bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FD70F234-1EE7-4362-97F6-5AEDB7078D03"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qln1083bd:-:*:*:*:*:*:*:*","matchCriteriaId":"C569A848-B70C-42EF-B6D5-4A86547586EE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qln1086bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F218DF06-C40A-4738-ABB5-A3FA2243EF84"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qln1086bd:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2A0CD0-66FA-45D6-BBC7-03641203EC73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qmp1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5298473D-8B34-42E6-BC32-69A3800972B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qmp1000:-:*:*:*:*:*:*:*","matchCriteriaId":"2A1CF44E-FFC2-4DCB-8DC2-46422D912448"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qmp2001_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0B53AF78-37B0-4D64-A7D3-1729D0248D61"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qmp2001:-:*:*:*:*:*:*:*","matchCriteriaId":"560E36D2-27DB-4590-A879-C2071ED72641"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qpa1083bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B0208F7B-A959-485E-B004-A34CB7C7C4C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qpa1083bd:-:*:*:*:*:*:*:*","matchCriteriaId":"FBDAC812-4603-4D24-A861-23825E32D44E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qpa1086bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7F6DEF72-A8FF-4B67-AA6C-5CB4AA7B35E1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qpa1086bd:-:*:*:*:*:*:*:*","matchCriteriaId":"00EF6875-B088-40BD-A526-C962789CDC5A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DD4946C6-778F-4542-AB77-C9B86AF25C05"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"6F1D604A-4530-42B3-80A0-58A82D658DDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1093_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9A46B609-BD06-4BB7-B055-1F71C555E93D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1093:-:*:*:*:*:*:*:*","matchCriteriaId":"59598462-1E53-4F6D-BAB5-06ACEDF6CD9F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1094_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8F30D66E-2802-4394-BC39-5E04711234FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1094:-:*:*:*:*:*:*:*","matchCriteriaId":"078EC383-784F-4468-B94C-AE7CC9808419"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1095_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B7B67C93-0453-4696-8F3D-0AD664922C44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1095:-:*:*:*:*:*:*:*","matchCriteriaId":"D61C46AA-9130-46A8-BD04-8B4235118B81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1096_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2D5E44-48F6-41E8-A38B-A2E070E16AA9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1096:-:*:*:*:*:*:*:*","matchCriteriaId":"9BD0372F-5140-4966-9A27-6B5A606C0665"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"14E3FE58-7F1C-4F5C-B62D-0CF124E14AB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB0BBA-3F81-4FCA-B3DE-190C46DA50DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"72433485-B229-46A6-BCA4-394AA4EEA683"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"04D40EC4-BF31-4BFD-8D0A-8193F541AF02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm6850_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DE09FF94-7751-4EED-B269-C7BB056CA90C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm6850:-:*:*:*:*:*:*:*","matchCriteriaId":"02B1463D-EE74-42DC-95D5-D0F66260CB32"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm8845p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A205320E-6C60-4F6A-90D5-06CABAF0FDEA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm8845p:-:*:*:*:*:*:*:*","matchCriteriaId":"0FB8CE86-605E-4B3D-82E5-A55093ABCE5F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"390D7CAF-6C0B-4438-AA7D-AEEE127F4D3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_460_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"5BB1FC5E-CF6F-4E54-B78D-C01AFD034903"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"37DF4D73-3ACC-41B3-8CA4-20DAECE6BFB7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"FE08D23A-2D0D-4472-8847-27B955F55165"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_elite_gen_5_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"41070BDB-15E4-4DD7-A132-A14AA24978E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_elite_gen_5:-:*:*:*:*:*:*:*","matchCriteriaId":"102460A6-9637-4883-9230-2CC888D5D74E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"53E5BBDA-C07D-42E2-9A34-EC1F6454CAA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"0BB2408F-C768-4DD2-B834-B62E188D6CC2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A129620-8241-4A47-AAC8-CC7E10A09C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"4CEDD78E-124C-4216-9B57-3B7B53463659"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2\\+_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BF9740EB-F82E-42EA-993E-A393B05CC6BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2\\+_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"022A5532-03F7-4FB8-BA0D-4221178C9486"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CD6444F6-A477-4B4C-8A09-C22C47CCE45B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*","matchCriteriaId":"F3E20681-4FC4-46E2-AF77-BCF03BC8E77E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2250p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"68A93ED1-F509-439E-AE7B-F0EC87AE759F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2250p:-:*:*:*:*:*:*:*","matchCriteriaId":"FB5E2A98-EDD0-4298-911D-EC7527D5A424"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2330p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"568C5B08-AC42-48D3-8029-A65689EEBE75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2330p:-:*:*:*:*:*:*:*","matchCriteriaId":"56DD2B49-0A36-443C-BECB-4115E271A415"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2350p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AA54D269-A94D-47CB-B3F1-7B163E453A67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2350p:-:*:*:*:*:*:*:*","matchCriteriaId":"F1D79422-1EA3-459A-8C4A-8A0FBE386036"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1295D869-F4DD-4766-B4AA-3513752F43B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*","matchCriteriaId":"B98784DC-3143-4D38-AD28-DBBDCCAB4272"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34143ABA-7D09-429F-A65C-3A33438BF62C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*","matchCriteriaId":"9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9378_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4CFDBB5B-0A4F-4032-874F-D2A7EF933FB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9378:-:*:*:*:*:*:*:*","matchCriteriaId":"D28A12D6-CC60-4BE9-ADEE-FAB58B05440F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"699056F6-1517-4F25-AE07-4FFCF6923B9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*","matchCriteriaId":"E4C023D2-6FF5-4FFC-B9F2-895979166580"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3FEF2DB6-00F5-4B07-953B-EF58B31267F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*","matchCriteriaId":"120E8F0F-EBEB-4565-9927-2D473F783EF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4BFB25F-013B-48E3-99FF-3E8687F94423"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*","matchCriteriaId":"BF676C5B-838B-446C-A689-6A25AB8A87E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6450_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1FAFC9FA-E6EF-44C5-BD50-2824C7711541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6450:-:*:*:*:*:*:*:*","matchCriteriaId":"6F895CDD-F9BB-45AD-AE60-71F4549114A4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7760_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"506C6CE1-6BDF-4542-82C1-820D10D8181A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7760:-:*:*:*:*:*:*:*","matchCriteriaId":"72F8CE3B-2BDC-40B1-BB04-A3A7E25B8096"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2EB8794F-7998-424E-AF68-E4A4F9310F65"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*","matchCriteriaId":"799D69CE-3FCC-4B19-8B00-9AF38111D983"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"57608D47-894C-4895-B4B3-4733D55D57DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*","matchCriteriaId":"2FFD2C38-1A61-4BED-ABFA-DAE0C4B78620"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7880_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"63735D33-9F09-4841-9FE0-0D9AB604BECF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7880:-:*:*:*:*:*:*:*","matchCriteriaId":"E826F765-4C2E-4319-BBC4-DEB02AAD783F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D765C392-5F38-4E6A-9E88-59629E7A6911"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE8F4F9-F692-4EC0-A3FE-2CDD681DCBFD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"15307882-7039-43E9-9BA3-035045988B99"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*","matchCriteriaId":"AA85B322-E593-4499-829A-CC6D70BAE884"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*","matchCriteriaId":"7E870D82-DE3B-4199-A730-C8FB545BAA98"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"11B69595-E488-4590-A150-CE5BE08B5E13"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*","matchCriteriaId":"BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7ACAD26E-B79E-4659-91A5-D301281F7D36"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*","matchCriteriaId":"F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F80BC68E-7476-4A40-9F48-53722FE9A5BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*","matchCriteriaId":"6B36F4B2-BAA3-45AD-9967-0EB482C99708"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA33DE15-C177-43B3-AD50-FF797753D12E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*","matchCriteriaId":"AE1A5841-5BCB-4033-ACB9-23F3FCA65309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5B47BF35-3AA0-4667-842E-19B0FE30BF3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*","matchCriteriaId":"8A071672-9405-4418-9141-35CEADBB65AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BB7CF473-8B25-4851-91F2-1BD693CCDC85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*","matchCriteriaId":"91E591F2-8F72-4A5A-9264-2742EB2DABDA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8850_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FA243934-7BFA-47AA-B78C-CCB25377E471"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8850:-:*:*:*:*:*:*:*","matchCriteriaId":"2FD65035-4D20-48D5-874E-47CD9C7A985C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8850w_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"22707187-A56D-48AD-800F-A438FD844546"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8850w:-:*:*:*:*:*:*:*","matchCriteriaId":"F526A54A-F974-4D0A-A1A6-FABBB6711CD0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8855c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"671E0B82-5D58-4644-8806-7F4CAFFB6641"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8855c:-:*:*:*:*:*:*:*","matchCriteriaId":"CC066321-B3CC-4E88-BFA9-414B8D095207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xrv7209_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CC6C6243-E092-4903-BC20-E3B0CECBC790"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xrv7209:-:*:*:*:*:*:*:*","matchCriteriaId":"AAA33761-D61C-4A81-B233-5E2D50F3596F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xrv9209_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3D693483-72F9-42B1-8EDA-8DABD537F428"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xrv9209:-:*:*:*:*:*:*:*","matchCriteriaId":"43F4A7D9-055D-475B-BFE4-61A86C7397F8"}]}]}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html","source":"product-security@qualcomm.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-59616","sourceIdentifier":"product-security@qualcomm.com","published":"2026-07-06T21:16:52.513","lastModified":"2026-07-07T17:00:24.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory."}],"affected":[{"source":"product-security@qualcomm.com","affectedData":[{"vendor":"Qualcomm, Inc.","product":"Snapdragon","defaultStatus":"unaffected","platforms":["Snapdragon CCW","Snapdragon Compute","Snapdragon Consumer IOT","Snapdragon MC","Snapdragon Mobile"],"versions":[{"version":"FastConnect 6700","status":"affected"},{"version":"FastConnect 6900","status":"affected"},{"version":"FastConnect 7800","status":"affected"},{"version":"Molokai","status":"affected"},{"version":"Orne","status":"affected"},{"version":"Pandeiro","status":"affected"},{"version":"QCM5430","status":"affected"},{"version":"QCM6490","status":"affected"},{"version":"QMP1000","status":"affected"},{"version":"QMP2001","status":"affected"},{"version":"Qualcomm Video Collaboration VC3 Platform","status":"affected"},{"version":"SC8380XP","status":"affected"},{"version":"SD865 5G","status":"affected"},{"version":"SM6850","status":"affected"},{"version":"SM8845P","status":"affected"},{"version":"Snapdragon 460 Mobile Platform","status":"affected"},{"version":"Snapdragon 662 Mobile Platform","status":"affected"},{"version":"Snapdragon 8 Elite Gen 5","status":"affected"},{"version":"Snapdragon AR1 Gen 1 Platform","status":"affected"},{"version":"Snapdragon XR2 5G Platform","status":"affected"},{"version":"Snapdragon XR2+ Gen 1 Platform","status":"affected"},{"version":"SXR2230P","status":"affected"},{"version":"SXR2250P","status":"affected"},{"version":"WCD9370","status":"affected"},{"version":"WCD9375","status":"affected"},{"version":"WCD9378","status":"affected"},{"version":"WCD9380","status":"affected"},{"version":"WCD9385","status":"affected"},{"version":"WCD9395","status":"affected"},{"version":"WCN3950","status":"affected"},{"version":"WCN3988","status":"affected"},{"version":"WCN6450","status":"affected"},{"version":"WCN7760","status":"affected"},{"version":"WCN7860","status":"affected"},{"version":"WCN7861","status":"affected"},{"version":"WCN7880","status":"affected"},{"version":"WCN7881","status":"affected"},{"version":"WSA8810","status":"affected"},{"version":"WSA8815","status":"affected"},{"version":"WSA8830","status":"affected"},{"version":"WSA8832","status":"affected"},{"version":"WSA8835","status":"affected"},{"version":"WSA8840","status":"affected"},{"version":"WSA8845","status":"affected"},{"version":"WSA8845H","status":"affected"},{"version":"WSA8850","status":"affected"},{"version":"WSA8850W","status":"affected"},{"version":"WSA8855C","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":0.8,"impactScore":5.3},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:56:24.909314Z","id":"CVE-2025-59616","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@qualcomm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"82B82E87-F3F4-466F-A76B-C8809121FF6F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*","matchCriteriaId":"419A132E-E42C-4395-B74B-788A39DF1D13"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:molokai_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"27BCE022-2E7D-4F41-B8EF-6B2F906F75E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:molokai:-:*:*:*:*:*:*:*","matchCriteriaId":"4864D493-47A8-4389-9D9A-2ED5B995EF27"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:orne_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"19FB8345-BBFC-4E18-A4E6-64A159D7F65B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:orne:-:*:*:*:*:*:*:*","matchCriteriaId":"FFDA4056-3F1B-4F3A-BE59-1908BD3DE5E9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:pandeiro_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"23F8EF0C-BB48-47E1-A045-254D79388F75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:pandeiro:-:*:*:*:*:*:*:*","matchCriteriaId":"058950FC-ED72-4E91-AE13-87E738ADC083"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4EC5F81B-AA24-4E3C-9FC8-53E010AC977E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*","matchCriteriaId":"B5C66DAD-0D85-46B8-92D7-6D68B9429E9A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ADD6D51E-5787-42A6-8A02-4EBBAFFF9C94"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*","matchCriteriaId":"99AA0291-B822-4CAD-BA17-81B632FC3FEF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qmp1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5298473D-8B34-42E6-BC32-69A3800972B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qmp1000:-:*:*:*:*:*:*:*","matchCriteriaId":"2A1CF44E-FFC2-4DCB-8DC2-46422D912448"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qmp2001_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0B53AF78-37B0-4D64-A7D3-1729D0248D61"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qmp2001:-:*:*:*:*:*:*:*","matchCriteriaId":"560E36D2-27DB-4590-A879-C2071ED72641"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DD4946C6-778F-4542-AB77-C9B86AF25C05"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"6F1D604A-4530-42B3-80A0-58A82D658DDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"14E3FE58-7F1C-4F5C-B62D-0CF124E14AB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB0BBA-3F81-4FCA-B3DE-190C46DA50DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"72433485-B229-46A6-BCA4-394AA4EEA683"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"04D40EC4-BF31-4BFD-8D0A-8193F541AF02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm6850_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DE09FF94-7751-4EED-B269-C7BB056CA90C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm6850:-:*:*:*:*:*:*:*","matchCriteriaId":"02B1463D-EE74-42DC-95D5-D0F66260CB32"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm8845p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A205320E-6C60-4F6A-90D5-06CABAF0FDEA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm8845p:-:*:*:*:*:*:*:*","matchCriteriaId":"0FB8CE86-605E-4B3D-82E5-A55093ABCE5F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"390D7CAF-6C0B-4438-AA7D-AEEE127F4D3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_460_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"5BB1FC5E-CF6F-4E54-B78D-C01AFD034903"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"37DF4D73-3ACC-41B3-8CA4-20DAECE6BFB7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"FE08D23A-2D0D-4472-8847-27B955F55165"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_elite_gen_5_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"41070BDB-15E4-4DD7-A132-A14AA24978E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_elite_gen_5:-:*:*:*:*:*:*:*","matchCriteriaId":"102460A6-9637-4883-9230-2CC888D5D74E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"53E5BBDA-C07D-42E2-9A34-EC1F6454CAA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"0BB2408F-C768-4DD2-B834-B62E188D6CC2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A129620-8241-4A47-AAC8-CC7E10A09C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"4CEDD78E-124C-4216-9B57-3B7B53463659"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2\\+_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BF9740EB-F82E-42EA-993E-A393B05CC6BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2\\+_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"022A5532-03F7-4FB8-BA0D-4221178C9486"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CD6444F6-A477-4B4C-8A09-C22C47CCE45B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*","matchCriteriaId":"F3E20681-4FC4-46E2-AF77-BCF03BC8E77E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2250p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"68A93ED1-F509-439E-AE7B-F0EC87AE759F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2250p:-:*:*:*:*:*:*:*","matchCriteriaId":"FB5E2A98-EDD0-4298-911D-EC7527D5A424"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1295D869-F4DD-4766-B4AA-3513752F43B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*","matchCriteriaId":"B98784DC-3143-4D38-AD28-DBBDCCAB4272"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34143ABA-7D09-429F-A65C-3A33438BF62C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*","matchCriteriaId":"9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9378_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4CFDBB5B-0A4F-4032-874F-D2A7EF933FB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9378:-:*:*:*:*:*:*:*","matchCriteriaId":"D28A12D6-CC60-4BE9-ADEE-FAB58B05440F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"699056F6-1517-4F25-AE07-4FFCF6923B9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*","matchCriteriaId":"E4C023D2-6FF5-4FFC-B9F2-895979166580"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3FEF2DB6-00F5-4B07-953B-EF58B31267F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*","matchCriteriaId":"120E8F0F-EBEB-4565-9927-2D473F783EF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4BFB25F-013B-48E3-99FF-3E8687F94423"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*","matchCriteriaId":"BF676C5B-838B-446C-A689-6A25AB8A87E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6450_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1FAFC9FA-E6EF-44C5-BD50-2824C7711541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6450:-:*:*:*:*:*:*:*","matchCriteriaId":"6F895CDD-F9BB-45AD-AE60-71F4549114A4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7760_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"506C6CE1-6BDF-4542-82C1-820D10D8181A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7760:-:*:*:*:*:*:*:*","matchCriteriaId":"72F8CE3B-2BDC-40B1-BB04-A3A7E25B8096"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2EB8794F-7998-424E-AF68-E4A4F9310F65"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*","matchCriteriaId":"799D69CE-3FCC-4B19-8B00-9AF38111D983"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"57608D47-894C-4895-B4B3-4733D55D57DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*","matchCriteriaId":"2FFD2C38-1A61-4BED-ABFA-DAE0C4B78620"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7880_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"63735D33-9F09-4841-9FE0-0D9AB604BECF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7880:-:*:*:*:*:*:*:*","matchCriteriaId":"E826F765-4C2E-4319-BBC4-DEB02AAD783F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D765C392-5F38-4E6A-9E88-59629E7A6911"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE8F4F9-F692-4EC0-A3FE-2CDD681DCBFD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"15307882-7039-43E9-9BA3-035045988B99"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*","matchCriteriaId":"AA85B322-E593-4499-829A-CC6D70BAE884"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*","matchCriteriaId":"7E870D82-DE3B-4199-A730-C8FB545BAA98"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"11B69595-E488-4590-A150-CE5BE08B5E13"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*","matchCriteriaId":"BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7ACAD26E-B79E-4659-91A5-D301281F7D36"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*","matchCriteriaId":"F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F80BC68E-7476-4A40-9F48-53722FE9A5BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*","matchCriteriaId":"6B36F4B2-BAA3-45AD-9967-0EB482C99708"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA33DE15-C177-43B3-AD50-FF797753D12E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*","matchCriteriaId":"AE1A5841-5BCB-4033-ACB9-23F3FCA65309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5B47BF35-3AA0-4667-842E-19B0FE30BF3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*","matchCriteriaId":"8A071672-9405-4418-9141-35CEADBB65AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BB7CF473-8B25-4851-91F2-1BD693CCDC85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*","matchCriteriaId":"91E591F2-8F72-4A5A-9264-2742EB2DABDA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8850_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FA243934-7BFA-47AA-B78C-CCB25377E471"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8850:-:*:*:*:*:*:*:*","matchCriteriaId":"2FD65035-4D20-48D5-874E-47CD9C7A985C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8850w_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"22707187-A56D-48AD-800F-A438FD844546"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8850w:-:*:*:*:*:*:*:*","matchCriteriaId":"F526A54A-F974-4D0A-A1A6-FABBB6711CD0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8855c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"671E0B82-5D58-4644-8806-7F4CAFFB6641"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8855c:-:*:*:*:*:*:*:*","matchCriteriaId":"CC066321-B3CC-4E88-BFA9-414B8D095207"}]}]}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html","source":"product-security@qualcomm.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-59617","sourceIdentifier":"product-security@qualcomm.com","published":"2026-07-06T21:16:52.653","lastModified":"2026-07-07T16:59:44.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input."}],"affected":[{"source":"product-security@qualcomm.com","affectedData":[{"vendor":"Qualcomm, Inc.","product":"Snapdragon","defaultStatus":"unaffected","platforms":["Snapdragon CCW","Snapdragon Compute","Snapdragon Consumer IOT","Snapdragon MC","Snapdragon Mobile"],"versions":[{"version":"FastConnect 6700","status":"affected"},{"version":"FastConnect 6900","status":"affected"},{"version":"FastConnect 7800","status":"affected"},{"version":"Molokai","status":"affected"},{"version":"Orne","status":"affected"},{"version":"Pandeiro","status":"affected"},{"version":"QCM5430","status":"affected"},{"version":"QCM6490","status":"affected"},{"version":"QMP1000","status":"affected"},{"version":"QMP2001","status":"affected"},{"version":"Qualcomm Video Collaboration VC3 Platform","status":"affected"},{"version":"SC8380XP","status":"affected"},{"version":"SD865 5G","status":"affected"},{"version":"SM6850","status":"affected"},{"version":"SM8845P","status":"affected"},{"version":"Snapdragon 460 Mobile Platform","status":"affected"},{"version":"Snapdragon 662 Mobile Platform","status":"affected"},{"version":"Snapdragon 8 Elite Gen 5","status":"affected"},{"version":"Snapdragon AR1 Gen 1 Platform","status":"affected"},{"version":"Snapdragon XR2 5G Platform","status":"affected"},{"version":"Snapdragon XR2+ Gen 1 Platform","status":"affected"},{"version":"SXR2230P","status":"affected"},{"version":"SXR2250P","status":"affected"},{"version":"WCD9370","status":"affected"},{"version":"WCD9375","status":"affected"},{"version":"WCD9378","status":"affected"},{"version":"WCD9380","status":"affected"},{"version":"WCD9385","status":"affected"},{"version":"WCD9395","status":"affected"},{"version":"WCN3950","status":"affected"},{"version":"WCN3988","status":"affected"},{"version":"WCN6450","status":"affected"},{"version":"WCN7760","status":"affected"},{"version":"WCN7860","status":"affected"},{"version":"WCN7861","status":"affected"},{"version":"WCN7880","status":"affected"},{"version":"WCN7881","status":"affected"},{"version":"WSA8810","status":"affected"},{"version":"WSA8815","status":"affected"},{"version":"WSA8830","status":"affected"},{"version":"WSA8832","status":"affected"},{"version":"WSA8835","status":"affected"},{"version":"WSA8840","status":"affected"},{"version":"WSA8845","status":"affected"},{"version":"WSA8845H","status":"affected"},{"version":"WSA8850","status":"affected"},{"version":"WSA8850W","status":"affected"},{"version":"WSA8855C","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":0.8,"impactScore":5.3},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:56:25.967370Z","id":"CVE-2025-59617","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@qualcomm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"82B82E87-F3F4-466F-A76B-C8809121FF6F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*","matchCriteriaId":"419A132E-E42C-4395-B74B-788A39DF1D13"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:molokai_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"27BCE022-2E7D-4F41-B8EF-6B2F906F75E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:molokai:-:*:*:*:*:*:*:*","matchCriteriaId":"4864D493-47A8-4389-9D9A-2ED5B995EF27"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:orne_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"19FB8345-BBFC-4E18-A4E6-64A159D7F65B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:orne:-:*:*:*:*:*:*:*","matchCriteriaId":"FFDA4056-3F1B-4F3A-BE59-1908BD3DE5E9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:pandeiro_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"23F8EF0C-BB48-47E1-A045-254D79388F75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:pandeiro:-:*:*:*:*:*:*:*","matchCriteriaId":"058950FC-ED72-4E91-AE13-87E738ADC083"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4EC5F81B-AA24-4E3C-9FC8-53E010AC977E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*","matchCriteriaId":"B5C66DAD-0D85-46B8-92D7-6D68B9429E9A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ADD6D51E-5787-42A6-8A02-4EBBAFFF9C94"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*","matchCriteriaId":"99AA0291-B822-4CAD-BA17-81B632FC3FEF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qmp1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5298473D-8B34-42E6-BC32-69A3800972B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qmp1000:-:*:*:*:*:*:*:*","matchCriteriaId":"2A1CF44E-FFC2-4DCB-8DC2-46422D912448"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qmp2001_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0B53AF78-37B0-4D64-A7D3-1729D0248D61"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qmp2001:-:*:*:*:*:*:*:*","matchCriteriaId":"560E36D2-27DB-4590-A879-C2071ED72641"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DD4946C6-778F-4542-AB77-C9B86AF25C05"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"6F1D604A-4530-42B3-80A0-58A82D658DDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"14E3FE58-7F1C-4F5C-B62D-0CF124E14AB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB0BBA-3F81-4FCA-B3DE-190C46DA50DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"72433485-B229-46A6-BCA4-394AA4EEA683"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"04D40EC4-BF31-4BFD-8D0A-8193F541AF02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm6850_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DE09FF94-7751-4EED-B269-C7BB056CA90C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm6850:-:*:*:*:*:*:*:*","matchCriteriaId":"02B1463D-EE74-42DC-95D5-D0F66260CB32"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm8845p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A205320E-6C60-4F6A-90D5-06CABAF0FDEA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm8845p:-:*:*:*:*:*:*:*","matchCriteriaId":"0FB8CE86-605E-4B3D-82E5-A55093ABCE5F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"390D7CAF-6C0B-4438-AA7D-AEEE127F4D3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_460_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"5BB1FC5E-CF6F-4E54-B78D-C01AFD034903"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"37DF4D73-3ACC-41B3-8CA4-20DAECE6BFB7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"FE08D23A-2D0D-4472-8847-27B955F55165"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_elite_gen_5_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"41070BDB-15E4-4DD7-A132-A14AA24978E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_elite_gen_5:-:*:*:*:*:*:*:*","matchCriteriaId":"102460A6-9637-4883-9230-2CC888D5D74E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"53E5BBDA-C07D-42E2-9A34-EC1F6454CAA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"0BB2408F-C768-4DD2-B834-B62E188D6CC2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A129620-8241-4A47-AAC8-CC7E10A09C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"4CEDD78E-124C-4216-9B57-3B7B53463659"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2\\+_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BF9740EB-F82E-42EA-993E-A393B05CC6BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2\\+_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"022A5532-03F7-4FB8-BA0D-4221178C9486"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CD6444F6-A477-4B4C-8A09-C22C47CCE45B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*","matchCriteriaId":"F3E20681-4FC4-46E2-AF77-BCF03BC8E77E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2250p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"68A93ED1-F509-439E-AE7B-F0EC87AE759F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2250p:-:*:*:*:*:*:*:*","matchCriteriaId":"FB5E2A98-EDD0-4298-911D-EC7527D5A424"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1295D869-F4DD-4766-B4AA-3513752F43B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*","matchCriteriaId":"B98784DC-3143-4D38-AD28-DBBDCCAB4272"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34143ABA-7D09-429F-A65C-3A33438BF62C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*","matchCriteriaId":"9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9378_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4CFDBB5B-0A4F-4032-874F-D2A7EF933FB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9378:-:*:*:*:*:*:*:*","matchCriteriaId":"D28A12D6-CC60-4BE9-ADEE-FAB58B05440F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"699056F6-1517-4F25-AE07-4FFCF6923B9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*","matchCriteriaId":"E4C023D2-6FF5-4FFC-B9F2-895979166580"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3FEF2DB6-00F5-4B07-953B-EF58B31267F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*","matchCriteriaId":"120E8F0F-EBEB-4565-9927-2D473F783EF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4BFB25F-013B-48E3-99FF-3E8687F94423"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*","matchCriteriaId":"BF676C5B-838B-446C-A689-6A25AB8A87E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6450_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1FAFC9FA-E6EF-44C5-BD50-2824C7711541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6450:-:*:*:*:*:*:*:*","matchCriteriaId":"6F895CDD-F9BB-45AD-AE60-71F4549114A4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7760_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"506C6CE1-6BDF-4542-82C1-820D10D8181A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7760:-:*:*:*:*:*:*:*","matchCriteriaId":"72F8CE3B-2BDC-40B1-BB04-A3A7E25B8096"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2EB8794F-7998-424E-AF68-E4A4F9310F65"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*","matchCriteriaId":"799D69CE-3FCC-4B19-8B00-9AF38111D983"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"57608D47-894C-4895-B4B3-4733D55D57DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*","matchCriteriaId":"2FFD2C38-1A61-4BED-ABFA-DAE0C4B78620"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7880_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"63735D33-9F09-4841-9FE0-0D9AB604BECF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7880:-:*:*:*:*:*:*:*","matchCriteriaId":"E826F765-4C2E-4319-BBC4-DEB02AAD783F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D765C392-5F38-4E6A-9E88-59629E7A6911"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE8F4F9-F692-4EC0-A3FE-2CDD681DCBFD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"15307882-7039-43E9-9BA3-035045988B99"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*","matchCriteriaId":"AA85B322-E593-4499-829A-CC6D70BAE884"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*","matchCriteriaId":"7E870D82-DE3B-4199-A730-C8FB545BAA98"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"11B69595-E488-4590-A150-CE5BE08B5E13"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*","matchCriteriaId":"BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7ACAD26E-B79E-4659-91A5-D301281F7D36"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*","matchCriteriaId":"F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F80BC68E-7476-4A40-9F48-53722FE9A5BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*","matchCriteriaId":"6B36F4B2-BAA3-45AD-9967-0EB482C99708"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA33DE15-C177-43B3-AD50-FF797753D12E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*","matchCriteriaId":"AE1A5841-5BCB-4033-ACB9-23F3FCA65309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5B47BF35-3AA0-4667-842E-19B0FE30BF3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*","matchCriteriaId":"8A071672-9405-4418-9141-35CEADBB65AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BB7CF473-8B25-4851-91F2-1BD693CCDC85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*","matchCriteriaId":"91E591F2-8F72-4A5A-9264-2742EB2DABDA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8850_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FA243934-7BFA-47AA-B78C-CCB25377E471"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8850:-:*:*:*:*:*:*:*","matchCriteriaId":"2FD65035-4D20-48D5-874E-47CD9C7A985C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8850w_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"22707187-A56D-48AD-800F-A438FD844546"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8850w:-:*:*:*:*:*:*:*","matchCriteriaId":"F526A54A-F974-4D0A-A1A6-FABBB6711CD0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8855c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"671E0B82-5D58-4644-8806-7F4CAFFB6641"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8855c:-:*:*:*:*:*:*:*","matchCriteriaId":"CC066321-B3CC-4E88-BFA9-414B8D095207"}]}]}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html","source":"product-security@qualcomm.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14468","sourceIdentifier":"security@hashicorp.com","published":"2026-07-06T21:16:53.000","lastModified":"2026-07-07T15:16:42.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HashiCorp Terraform Enterprise contained an issue in its version control system (VCS) ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in a module and then download them, potentially exposing sensitive files readable by the ingestion process. This vulnerability, CVE-2026-14468, is fixed in Terraform Enterprise v2.0.4 and v1.2.4."}],"affected":[{"source":"security@hashicorp.com","affectedData":[{"vendor":"HashiCorp","product":"Terraform Enterprise","defaultStatus":"unaffected","platforms":["64 bit","32 bit","x86","ARM","MacOS","Windows","Linux"],"versions":[{"version":"1.0.0","lessThan":"2.0.4","versionType":"semver","status":"affected","changes":[{"at":"1.2.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:52:23.618304Z","id":"CVE-2026-14468","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2026-17-terraform-enterprise-vulnerable-to-arbitrary-file-read/77549","source":"security@hashicorp.com"}]}},{"cve":{"id":"CVE-2026-14471","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-07-06T21:16:53.123","lastModified":"2026-07-07T14:16:28.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position.\n\n\n\nTo remediate this issue, users should upgrade to version 1.0.13 or later."}],"affected":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","affectedData":[{"vendor":"AWS","product":"MCP Gateway & Registry","defaultStatus":"unaffected","versions":[{"version":"1.0.3","lessThanOrEqual":"1.0.12","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:44:46.382343Z","id":"CVE-2026-14471","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-052-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/agentic-community/mcp-gateway-registry/releases/tag/v1.0.13","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/agentic-community/mcp-gateway-registry/security/advisories/GHSA-79qc-vqfr-xx5q","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}},{"cve":{"id":"CVE-2026-21368","sourceIdentifier":"product-security@qualcomm.com","published":"2026-07-06T21:16:53.407","lastModified":"2026-07-07T16:50:09.200","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks."}],"affected":[{"source":"product-security@qualcomm.com","affectedData":[{"vendor":"Qualcomm, Inc.","product":"Snapdragon","defaultStatus":"unaffected","platforms":["Snapdragon Auto","Snapdragon Compute","Snapdragon Industrial IOT","Snapdragon Mobile"],"versions":[{"version":"FastConnect 6700","status":"affected"},{"version":"FastConnect 6900","status":"affected"},{"version":"FastConnect 7800","status":"affected"},{"version":"G3x Gen 2","status":"affected"},{"version":"IQ9 Series Platform","status":"affected"},{"version":"LeMans_AU_LGIT","status":"affected"},{"version":"LeMansAU","status":"affected"},{"version":"Netrani","status":"affected"},{"version":"Pandeiro","status":"affected"},{"version":"QAM8255P","status":"affected"},{"version":"QAMSRV1H","status":"affected"},{"version":"QAMSRV1M","status":"affected"},{"version":"QCA6595","status":"affected"},{"version":"QCA6595AU","status":"affected"},{"version":"QCA6678AQ","status":"affected"},{"version":"QCA6698AQ","status":"affected"},{"version":"QCA6698AU","status":"affected"},{"version":"QCA6797AQ","status":"affected"},{"version":"QCM4490","status":"affected"},{"version":"QCM8838","status":"affected"},{"version":"QCS4490","status":"affected"},{"version":"QCS8550","status":"affected"},{"version":"QLN1083BD","status":"affected"},{"version":"QLN1086BD","status":"affected"},{"version":"QPA1083BD","status":"affected"},{"version":"QPA1086BD","status":"affected"},{"version":"QXM1093","status":"affected"},{"version":"QXM1094","status":"affected"},{"version":"QXM1095","status":"affected"},{"version":"QXM1096","status":"affected"},{"version":"SA7255P","status":"affected"},{"version":"SA7775P","status":"affected"},{"version":"SA8255P","status":"affected"},{"version":"SA8620P","status":"affected"},{"version":"SA8770P","status":"affected"},{"version":"SA9000P","status":"affected"},{"version":"SAR2130P","status":"affected"},{"version":"SC8380XP","status":"affected"},{"version":"SD 8 Gen1 5G","status":"affected"},{"version":"SD865 5G","status":"affected"},{"version":"SDR753","status":"affected"},{"version":"SM7435","status":"affected"},{"version":"SM7525","status":"affected"},{"version":"SM7550","status":"affected"},{"version":"SM7550P","status":"affected"},{"version":"SM8550P","status":"affected"},{"version":"Snapdragon 4 Gen 2 Mobile Platform","status":"affected"},{"version":"Snapdragon 460 Mobile Platform","status":"affected"},{"version":"Snapdragon 6 Gen 1 Mobile Platform","status":"affected"},{"version":"Snapdragon 6 Gen 3 Mobile Platform","status":"affected"},{"version":"Snapdragon 662 Mobile Platform","status":"affected"},{"version":"Snapdragon 7 Gen 1 Mobile Platform","status":"affected"},{"version":"Snapdragon 8 Elite","status":"affected"},{"version":"Snapdragon 8 Gen 1 Mobile Platform","status":"affected"},{"version":"Snapdragon 8 Gen 2 Mobile Platform","status":"affected"},{"version":"Snapdragon 8+ Gen 2 Mobile Platform","status":"affected"},{"version":"Snapdragon AR1 Gen 1 Platform","status":"affected"},{"version":"Snapdragon XR2 5G Platform","status":"affected"},{"version":"Snapdragon XR2+ Gen 1 Platform","status":"affected"},{"version":"SRV1H","status":"affected"},{"version":"SRV1M","status":"affected"},{"version":"SXR2230P","status":"affected"},{"version":"SXR2330P","status":"affected"},{"version":"SXR2350P","status":"affected"},{"version":"WCD9370","status":"affected"},{"version":"WCD9371","status":"affected"},{"version":"WCD9375","status":"affected"},{"version":"WCD9378","status":"affected"},{"version":"WCD9380","status":"affected"},{"version":"WCD9385","status":"affected"},{"version":"WCD9390","status":"affected"},{"version":"WCD9395","status":"affected"},{"version":"WCN3950","status":"affected"},{"version":"WCN3988","status":"affected"},{"version":"WCN6450","status":"affected"},{"version":"WCN6650","status":"affected"},{"version":"WCN6755","status":"affected"},{"version":"WCN7860","status":"affected"},{"version":"WCN7861","status":"affected"},{"version":"WCN7881","status":"affected"},{"version":"WSA8810","status":"affected"},{"version":"WSA8815","status":"affected"},{"version":"WSA8830","status":"affected"},{"version":"WSA8832","status":"affected"},{"version":"WSA8835","status":"affected"},{"version":"WSA8840","status":"affected"},{"version":"WSA8845","status":"affected"},{"version":"WSA8845H","status":"affected"},{"version":"X1E80100","status":"affected"},{"version":"XRV7209","status":"affected"},{"version":"XRV9209","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.1,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:56:28.131457Z","id":"CVE-2026-21368","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@qualcomm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"82B82E87-F3F4-466F-A76B-C8809121FF6F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*","matchCriteriaId":"419A132E-E42C-4395-B74B-788A39DF1D13"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:g3x_gen_2_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C167BE19-999E-4538-A23E-01F9C287A6C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:g3x_gen_2:-:*:*:*:*:*:*:*","matchCriteriaId":"1026CB5F-E30A-42DE-8432-74412CC8BA00"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:iq-9075_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"08431A88-C176-48BB-918C-DF3FEABE78D4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:iq-9075:-:*:*:*:*:*:*:*","matchCriteriaId":"3C50A35E-023A-404D-BFBC-FFCD1F30E872"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C4CDD6A2-5A3C-4572-8CE1-2F102333BB79"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm8550p:-:*:*:*:*:*:*:*","matchCriteriaId":"699E5D17-6144-4F0A-8D52-1E8C83990E52"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_4_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"55AECCCF-0761-46B6-B669-E73096679AFB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_4_gen_2_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"7DE87CA2-160A-43BF-AC18-DA788501B5B4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"390D7CAF-6C0B-4438-AA7D-AEEE127F4D3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_460_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"5BB1FC5E-CF6F-4E54-B78D-C01AFD034903"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_6_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EBB3BC1B-2EBC-457C-AE91-6BD408EB7D5F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_6_gen_1_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"0870CC30-07F8-4FFF-85B4-FBACE947CC14"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_6_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D69E4203-EA20-4D6F-BD1C-C8E550588F87"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_6_gen_3_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"C1225010-5A08-4D13-A3E2-4C57C4265605"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"37DF4D73-3ACC-41B3-8CA4-20DAECE6BFB7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"FE08D23A-2D0D-4472-8847-27B955F55165"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_7_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"677D5A3F-2A0D-48F0-A1C5-B067BADFD11A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_7_gen_1_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"CB79B015-A401-4FAD-8818-1475653C2B12"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_elite_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3EA50192-07B0-4404-93D4-EC4F3B1918B7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_elite:-:*:*:*:*:*:*:*","matchCriteriaId":"26C7FC48-08CB-4E50-B8D3-8AF30549FDF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EB8FA32F-4690-4C5B-8968-474DA32FD0A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_gen_1_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"59BD8BEA-725A-4158-84BE-4AFD476ED03D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"60F5899C-BA8D-4B6B-BC61-F77B1EB64739"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"D39AD7CE-A017-4D74-A348-9E4B08363799"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8\\+_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1FEDF458-DEA7-42A1-A56D-E11250139545"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8\\+_gen_2_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"D5693438-0F20-47BB-BA32-7175C3152368"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"53E5BBDA-C07D-42E2-9A34-EC1F6454CAA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"0BB2408F-C768-4DD2-B834-B62E188D6CC2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A129620-8241-4A47-AAC8-CC7E10A09C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"4CEDD78E-124C-4216-9B57-3B7B53463659"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2\\+_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BF9740EB-F82E-42EA-993E-A393B05CC6BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2\\+_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"022A5532-03F7-4FB8-BA0D-4221178C9486"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0CD199F5-DA68-4BEB-AA99-11572DA26B4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*","matchCriteriaId":"8ACA2D4D-FC77-4C1A-8278-1C27B3EA3303"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:srv1m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4B29E7F-8BFE-466A-B357-63F8A2160C4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:srv1m:-:*:*:*:*:*:*:*","matchCriteriaId":"6D55CC7D-2E65-4CA9-9892-B6FBCC087E6F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CD6444F6-A477-4B4C-8A09-C22C47CCE45B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*","matchCriteriaId":"F3E20681-4FC4-46E2-AF77-BCF03BC8E77E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2330p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"568C5B08-AC42-48D3-8029-A65689EEBE75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2330p:-:*:*:*:*:*:*:*","matchCriteriaId":"56DD2B49-0A36-443C-BECB-4115E271A415"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2350p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AA54D269-A94D-47CB-B3F1-7B163E453A67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2350p:-:*:*:*:*:*:*:*","matchCriteriaId":"F1D79422-1EA3-459A-8C4A-8A0FBE386036"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1295D869-F4DD-4766-B4AA-3513752F43B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*","matchCriteriaId":"B98784DC-3143-4D38-AD28-DBBDCCAB4272"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9371_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2503805B-B2A6-4AEE-8AB1-2B8A040702BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9371:-:*:*:*:*:*:*:*","matchCriteriaId":"D3AD370C-2ED0-43CF-83D9-50DC92A01CA5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34143ABA-7D09-429F-A65C-3A33438BF62C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*","matchCriteriaId":"9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9378_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4CFDBB5B-0A4F-4032-874F-D2A7EF933FB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9378:-:*:*:*:*:*:*:*","matchCriteriaId":"D28A12D6-CC60-4BE9-ADEE-FAB58B05440F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"896F1C04-9957-440F-BF01-C3772CC3B3DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*","matchCriteriaId":"A90555EB-47A7-4717-92D5-35B561825F06"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"699056F6-1517-4F25-AE07-4FFCF6923B9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*","matchCriteriaId":"E4C023D2-6FF5-4FFC-B9F2-895979166580"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3FEF2DB6-00F5-4B07-953B-EF58B31267F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*","matchCriteriaId":"120E8F0F-EBEB-4565-9927-2D473F783EF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4BFB25F-013B-48E3-99FF-3E8687F94423"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*","matchCriteriaId":"BF676C5B-838B-446C-A689-6A25AB8A87E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6450_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1FAFC9FA-E6EF-44C5-BD50-2824C7711541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6450:-:*:*:*:*:*:*:*","matchCriteriaId":"6F895CDD-F9BB-45AD-AE60-71F4549114A4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6650_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"93398092-AF7C-4F04-874C-7E5B4CF7AB00"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6650:-:*:*:*:*:*:*:*","matchCriteriaId":"7D242084-5844-4E43-8D7F-D2F8E3521F0C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6755_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2BC386D9-3D2B-40FA-A2D9-199BB138F46A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6755:-:*:*:*:*:*:*:*","matchCriteriaId":"133FFD9F-FA09-4801-939B-AD1D507BE5FE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2EB8794F-7998-424E-AF68-E4A4F9310F65"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*","matchCriteriaId":"799D69CE-3FCC-4B19-8B00-9AF38111D983"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"57608D47-894C-4895-B4B3-4733D55D57DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*","matchCriteriaId":"2FFD2C38-1A61-4BED-ABFA-DAE0C4B78620"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D765C392-5F38-4E6A-9E88-59629E7A6911"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE8F4F9-F692-4EC0-A3FE-2CDD681DCBFD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"15307882-7039-43E9-9BA3-035045988B99"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*","matchCriteriaId":"AA85B322-E593-4499-829A-CC6D70BAE884"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*","matchCriteriaId":"7E870D82-DE3B-4199-A730-C8FB545BAA98"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"11B69595-E488-4590-A150-CE5BE08B5E13"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*","matchCriteriaId":"BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7ACAD26E-B79E-4659-91A5-D301281F7D36"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*","matchCriteriaId":"F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F80BC68E-7476-4A40-9F48-53722FE9A5BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*","matchCriteriaId":"6B36F4B2-BAA3-45AD-9967-0EB482C99708"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:lemans_au_lgit_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5767FE95-737F-4C20-A5AB-EC641A68D906"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:lemans_au_lgit:-:*:*:*:*:*:*:*","matchCriteriaId":"33323A49-9267-421B-96E1-80C5FA709EBC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:lemansau_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2DF0ED3F-C98B-458E-ADCC-C922402BB185"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:lemansau:-:*:*:*:*:*:*:*","matchCriteriaId":"102A4B5E-1739-4C31-A626-ABF6B02FEE29"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:netrani_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9C52A53B-1182-47F3-9800-D8C58F954277"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:netrani:-:*:*:*:*:*:*:*","matchCriteriaId":"BEC1F084-78C8-4413-940A-47E9554CB6D0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:pandeiro_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"23F8EF0C-BB48-47E1-A045-254D79388F75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:pandeiro:-:*:*:*:*:*:*:*","matchCriteriaId":"058950FC-ED72-4E91-AE13-87E738ADC083"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3723C7B1-A7E2-401F-8D6D-189350F6BCA5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*","matchCriteriaId":"B12B89EF-7B12-481E-BCBC-F12B9D16321A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F8673334-5E11-4E95-B33D-3029499F71DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*","matchCriteriaId":"EC0B32F6-5EF0-4591-99D7-D0E9B09DEC5A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qamsrv1m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CE03AB2A-3ED9-4489-8E5B-4FCF8BAA8559"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qamsrv1m:-:*:*:*:*:*:*:*","matchCriteriaId":"9E646738-6A87-4470-9640-6A5A1DF3AF78"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"643EC76D-2836-48E6-81DA-78C4883C33CA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*","matchCriteriaId":"477F6529-4CE1-44FC-B6EE-D24D44C71AE7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"288F637F-22F8-47CF-B67F-C798A730A1BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*","matchCriteriaId":"D0996EA3-1C92-4933-BE34-9CF625E59FE7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6678aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D001127D-8160-42F0-B8B9-2FAA2976B530"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6678aq:-:*:*:*:*:*:*:*","matchCriteriaId":"C9EB615F-FD4C-450B-AB25-E936FD9816C4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5FA1F8F4-EAF2-4704-A8A6-19AD3CA1B577"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*","matchCriteriaId":"B3F7853D-09EE-476F-B48D-BB30AEB4A67D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6698au_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3ACA09C0-84A5-493A-A9BD-EF95A8330D54"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6698au:-:*:*:*:*:*:*:*","matchCriteriaId":"3A2397BD-431C-4730-92E3-17A5C2445A65"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6797aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"797295C2-535C-46A9-A725-E1A5405F0436"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6797aq:-:*:*:*:*:*:*:*","matchCriteriaId":"8BFC575E-594E-4711-94B1-2DC8D03B9AC4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm4490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DA506489-4338-44DF-8F92-12E60AF0048C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm4490:-:*:*:*:*:*:*:*","matchCriteriaId":"A8718C37-A82A-4A08-A887-3F22B37601A9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm8838_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7C6535AE-8680-4AB9-ABF6-82DAE1795531"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm8838:-:*:*:*:*:*:*:*","matchCriteriaId":"9C3FEACB-1AE1-4BF2-9552-C31A32DCCA9B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcs4490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3336CDD7-9E7B-4FFB-A5CE-594B19B63A6C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcs4490:-:*:*:*:*:*:*:*","matchCriteriaId":"1197E229-1E27-4CA3-A386-B77FAE5DFE1A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FFF23DDB-98A0-4343-ADD3-5AB9C2383E7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*","matchCriteriaId":"5ACB8AFB-5B91-4AA1-BA3A-1AF0B3503080"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qln1083bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FD70F234-1EE7-4362-97F6-5AEDB7078D03"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qln1083bd:-:*:*:*:*:*:*:*","matchCriteriaId":"C569A848-B70C-42EF-B6D5-4A86547586EE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qln1086bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F218DF06-C40A-4738-ABB5-A3FA2243EF84"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qln1086bd:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2A0CD0-66FA-45D6-BBC7-03641203EC73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qpa1083bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B0208F7B-A959-485E-B004-A34CB7C7C4C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qpa1083bd:-:*:*:*:*:*:*:*","matchCriteriaId":"FBDAC812-4603-4D24-A861-23825E32D44E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qpa1086bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7F6DEF72-A8FF-4B67-AA6C-5CB4AA7B35E1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qpa1086bd:-:*:*:*:*:*:*:*","matchCriteriaId":"00EF6875-B088-40BD-A526-C962789CDC5A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1093_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9A46B609-BD06-4BB7-B055-1F71C555E93D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1093:-:*:*:*:*:*:*:*","matchCriteriaId":"59598462-1E53-4F6D-BAB5-06ACEDF6CD9F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1094_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8F30D66E-2802-4394-BC39-5E04711234FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1094:-:*:*:*:*:*:*:*","matchCriteriaId":"078EC383-784F-4468-B94C-AE7CC9808419"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1095_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B7B67C93-0453-4696-8F3D-0AD664922C44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1095:-:*:*:*:*:*:*:*","matchCriteriaId":"D61C46AA-9130-46A8-BD04-8B4235118B81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1096_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2D5E44-48F6-41E8-A38B-A2E070E16AA9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1096:-:*:*:*:*:*:*:*","matchCriteriaId":"9BD0372F-5140-4966-9A27-6B5A606C0665"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa7255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2B651F0A-34DA-400F-A376-B499BFDF8E86"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa7255p:-:*:*:*:*:*:*:*","matchCriteriaId":"4CFF093D-98C8-470F-8330-E5126E06343A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa7775p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6C32CA38-5D48-4108-9858-FD66E20CAF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa7775p:-:*:*:*:*:*:*:*","matchCriteriaId":"E1997F8B-17B8-4DE3-BCF7-726928720592"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EC6E268D-C4AF-4950-9223-39EA36D538A8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*","matchCriteriaId":"073C1A81-D02B-4F2F-9378-CD1B2DCE0E5B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8620p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6ACE6D64-A498-482F-8270-718F4884CFFD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8620p:-:*:*:*:*:*:*:*","matchCriteriaId":"B6E016D6-1B83-4261-A27E-1F9873F81E14"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"781CCC31-C08F-499B-BE73-6C7DB70437AF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*","matchCriteriaId":"75AFAA21-0589-4C6A-9418-34EE8A61BBAD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A024AB04-B213-4018-A4C1-FA467C7BA775"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*","matchCriteriaId":"A2A8AB7C-5D34-4794-8C06-2193075B323F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sar2130p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95696696-D2AE-4358-AF5D-3ED14F969964"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sar2130p:-:*:*:*:*:*:*:*","matchCriteriaId":"1A6FC469-463F-4EC1-B4EF-010BDB9BAA05"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"14E3FE58-7F1C-4F5C-B62D-0CF124E14AB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB0BBA-3F81-4FCA-B3DE-190C46DA50DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"76910884-45D9-4EA2-BA30-44A8C7CC1339"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd_8_gen1_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"33D393A6-4586-4416-86EB-F9D86DC3DED8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"72433485-B229-46A6-BCA4-394AA4EEA683"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"04D40EC4-BF31-4BFD-8D0A-8193F541AF02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sdr753_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A49B142B-E8DC-4A79-B969-2C2FBE2E009A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sdr753:-:*:*:*:*:*:*:*","matchCriteriaId":"8A1A6C7D-EAB0-4D8D-9A3E-DA066F4ACF7D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7435_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F7A95A9E-617A-4D3A-9A4E-0C0A29B3C8B5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7435:-:*:*:*:*:*:*:*","matchCriteriaId":"3559292E-B5A6-4F88-BC20-F6AA85F07C97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7525_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2410FF59-E0C0-4920-9656-C398DB06DEAE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7525:-:*:*:*:*:*:*:*","matchCriteriaId":"7D2B800C-4DBC-4028-875D-667C87D75247"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7550_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EEA5CE41-0596-4D38-9891-D1DF711EA7E9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7550:-:*:*:*:*:*:*:*","matchCriteriaId":"E1A901C6-FB73-4361-B391-4A4AF8C70029"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7550p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5C5D7E2C-0955-4B6E-96E4-CFA06D937492"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7550p:-:*:*:*:*:*:*:*","matchCriteriaId":"9D1D0F33-AD5A-4826-9A06-EAD2A8709974"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA33DE15-C177-43B3-AD50-FF797753D12E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*","matchCriteriaId":"AE1A5841-5BCB-4033-ACB9-23F3FCA65309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5B47BF35-3AA0-4667-842E-19B0FE30BF3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*","matchCriteriaId":"8A071672-9405-4418-9141-35CEADBB65AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BB7CF473-8B25-4851-91F2-1BD693CCDC85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*","matchCriteriaId":"91E591F2-8F72-4A5A-9264-2742EB2DABDA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x1e80100_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"42F453E4-02CC-4E48-A25B-F1394069F524"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x1e80100:-:*:*:*:*:*:*:*","matchCriteriaId":"8A6671AE-3490-4D85-A20C-3DA26F7D7AEB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xrv7209_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CC6C6243-E092-4903-BC20-E3B0CECBC790"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xrv7209:-:*:*:*:*:*:*:*","matchCriteriaId":"AAA33761-D61C-4A81-B233-5E2D50F3596F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xrv9209_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3D693483-72F9-42B1-8EDA-8DABD537F428"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xrv9209:-:*:*:*:*:*:*:*","matchCriteriaId":"43F4A7D9-055D-475B-BFE4-61A86C7397F8"}]}]}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html","source":"product-security@qualcomm.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21369","sourceIdentifier":"product-security@qualcomm.com","published":"2026-07-06T21:16:53.553","lastModified":"2026-07-07T16:49:34.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification."}],"affected":[{"source":"product-security@qualcomm.com","affectedData":[{"vendor":"Qualcomm, Inc.","product":"Snapdragon","defaultStatus":"unaffected","platforms":["Snapdragon Auto","Snapdragon Compute","Snapdragon Consumer IOT","Snapdragon Industrial IOT","Snapdragon Mobile","Snapdragon Wearables"],"versions":[{"version":"FastConnect 6200","status":"affected"},{"version":"FastConnect 6700","status":"affected"},{"version":"FastConnect 6900","status":"affected"},{"version":"FastConnect 7800","status":"affected"},{"version":"G1 Gen 1","status":"affected"},{"version":"G3x Gen 2","status":"affected"},{"version":"IQ9 Series Platform","status":"affected"},{"version":"Kalpeni","status":"affected"},{"version":"LeMans_AU_LGIT","status":"affected"},{"version":"LeMansAU","status":"affected"},{"version":"Pandeiro","status":"affected"},{"version":"QAM8255P","status":"affected"},{"version":"QAM8295P","status":"affected"},{"version":"QAMSRV1H","status":"affected"},{"version":"QAMSRV1M","status":"affected"},{"version":"QCA6574AU","status":"affected"},{"version":"QCA6595","status":"affected"},{"version":"QCA6688AQ","status":"affected"},{"version":"QCA6696","status":"affected"},{"version":"QCA6698AQ","status":"affected"},{"version":"QCA6797AQ","status":"affected"},{"version":"QCA8695AU","status":"affected"},{"version":"QCM2290","status":"affected"},{"version":"QCM4325","status":"affected"},{"version":"QCM4490","status":"affected"},{"version":"QCM5430","status":"affected"},{"version":"QCM6490","status":"affected"},{"version":"QCM8838","status":"affected"},{"version":"QCS2290","status":"affected"},{"version":"QCS4290","status":"affected"},{"version":"QCS4490","status":"affected"},{"version":"QLN1083BD","status":"affected"},{"version":"QLN1086BD","status":"affected"},{"version":"QPA1083BD","status":"affected"},{"version":"QPA1086BD","status":"affected"},{"version":"Qualcomm Video Collaboration VC3 Platform","status":"affected"},{"version":"QXM1093","status":"affected"},{"version":"QXM1094","status":"affected"},{"version":"QXM1095","status":"affected"},{"version":"QXM1096","status":"affected"},{"version":"SA6155P","status":"affected"},{"version":"SA7255P","status":"affected"},{"version":"SA7775P","status":"affected"},{"version":"SA8155P","status":"affected"},{"version":"SA8195P","status":"affected"},{"version":"SA8255P","status":"affected"},{"version":"SA8295P","status":"affected"},{"version":"SA8620P","status":"affected"},{"version":"SA8770P","status":"affected"},{"version":"SA9000P","status":"affected"},{"version":"SAR2130P","status":"affected"},{"version":"SC8380XP","status":"affected"},{"version":"SD662","status":"affected"},{"version":"SD865 5G","status":"affected"},{"version":"SDR753","status":"affected"},{"version":"SM6225P","status":"affected"},{"version":"SM7525","status":"affected"},{"version":"SM7550","status":"affected"},{"version":"SM7550P","status":"affected"},{"version":"SM8550P","status":"affected"},{"version":"Snapdragon 4 Gen 1 Mobile Platform","status":"affected"},{"version":"Snapdragon 460 Mobile Platform","status":"affected"},{"version":"Snapdragon 480 5G Mobile Platform","status":"affected"},{"version":"Snapdragon 480+ 5G Mobile Platform","status":"affected"},{"version":"Snapdragon 662 Mobile Platform","status":"affected"},{"version":"Snapdragon 680 4G Mobile Platform","status":"affected"},{"version":"Snapdragon 685 4G Mobile Platform","status":"affected"},{"version":"Snapdragon 695 5G Mobile Platform","status":"affected"},{"version":"Snapdragon 8 Elite","status":"affected"},{"version":"Snapdragon 8 Gen 2 Mobile Platform","status":"affected"},{"version":"Snapdragon 8+ Gen 2 Mobile Platform","status":"affected"},{"version":"Snapdragon AR1 Gen 1 Platform","status":"affected"},{"version":"Snapdragon XR2 5G Platform","status":"affected"},{"version":"Snapdragon XR2+ Gen 1 Platform","status":"affected"},{"version":"Snapdragon Wear Elite platform","status":"affected"},{"version":"SRV1H","status":"affected"},{"version":"SRV1M","status":"affected"},{"version":"SXR2230P","status":"affected"},{"version":"SXR2330P","status":"affected"},{"version":"SXR2350P","status":"affected"},{"version":"Themisto","status":"affected"},{"version":"WCD9370","status":"affected"},{"version":"WCD9371","status":"affected"},{"version":"WCD9375","status":"affected"},{"version":"WCD9378","status":"affected"},{"version":"WCD9380","status":"affected"},{"version":"WCD9385","status":"affected"},{"version":"WCD9390","status":"affected"},{"version":"WCD9395","status":"affected"},{"version":"WCN3910","status":"affected"},{"version":"WCN3950","status":"affected"},{"version":"WCN3988","status":"affected"},{"version":"WCN6450","status":"affected"},{"version":"WCN6650","status":"affected"},{"version":"WCN6755","status":"affected"},{"version":"WCN7860","status":"affected"},{"version":"WCN7861","status":"affected"},{"version":"WCN7881","status":"affected"},{"version":"WSA8810","status":"affected"},{"version":"WSA8815","status":"affected"},{"version":"WSA8830","status":"affected"},{"version":"WSA8832","status":"affected"},{"version":"WSA8835","status":"affected"},{"version":"WSA8840","status":"affected"},{"version":"WSA8845","status":"affected"},{"version":"WSA8845H","status":"affected"},{"version":"X1E80100","status":"affected"},{"version":"XRV7209","status":"affected"},{"version":"XRV9209","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.1,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:56:29.211167Z","id":"CVE-2026-21369","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@qualcomm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CDE1CBDE-3D28-463C-B215-AA7DF373EF09"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6200:-:*:*:*:*:*:*:*","matchCriteriaId":"66BD3B88-7CF9-482D-A2DD-67F6ACF4CC57"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"82B82E87-F3F4-466F-A76B-C8809121FF6F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*","matchCriteriaId":"419A132E-E42C-4395-B74B-788A39DF1D13"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:g1_gen_1_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0556CCE6-B61B-4DE7-AD4B-333414280DF8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:g1_gen_1:-:*:*:*:*:*:*:*","matchCriteriaId":"CC734495-D935-40CC-9644-477E921F3EE0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"896F1C04-9957-440F-BF01-C3772CC3B3DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*","matchCriteriaId":"A90555EB-47A7-4717-92D5-35B561825F06"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"699056F6-1517-4F25-AE07-4FFCF6923B9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*","matchCriteriaId":"E4C023D2-6FF5-4FFC-B9F2-895979166580"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9F0D7B24-D567-479A-B4F1-595FAA053418"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3910:-:*:*:*:*:*:*:*","matchCriteriaId":"33A8FAA1-F824-4561-9CCC-7F0DF12F740F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3FEF2DB6-00F5-4B07-953B-EF58B31267F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*","matchCriteriaId":"120E8F0F-EBEB-4565-9927-2D473F783EF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4BFB25F-013B-48E3-99FF-3E8687F94423"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*","matchCriteriaId":"BF676C5B-838B-446C-A689-6A25AB8A87E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6450_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1FAFC9FA-E6EF-44C5-BD50-2824C7711541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6450:-:*:*:*:*:*:*:*","matchCriteriaId":"6F895CDD-F9BB-45AD-AE60-71F4549114A4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6650_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"93398092-AF7C-4F04-874C-7E5B4CF7AB00"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6650:-:*:*:*:*:*:*:*","matchCriteriaId":"7D242084-5844-4E43-8D7F-D2F8E3521F0C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6755_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2BC386D9-3D2B-40FA-A2D9-199BB138F46A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6755:-:*:*:*:*:*:*:*","matchCriteriaId":"133FFD9F-FA09-4801-939B-AD1D507BE5FE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2EB8794F-7998-424E-AF68-E4A4F9310F65"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*","matchCriteriaId":"799D69CE-3FCC-4B19-8B00-9AF38111D983"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"57608D47-894C-4895-B4B3-4733D55D57DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*","matchCriteriaId":"2FFD2C38-1A61-4BED-ABFA-DAE0C4B78620"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D765C392-5F38-4E6A-9E88-59629E7A6911"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE8F4F9-F692-4EC0-A3FE-2CDD681DCBFD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"15307882-7039-43E9-9BA3-035045988B99"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*","matchCriteriaId":"AA85B322-E593-4499-829A-CC6D70BAE884"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*","matchCriteriaId":"7E870D82-DE3B-4199-A730-C8FB545BAA98"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"11B69595-E488-4590-A150-CE5BE08B5E13"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*","matchCriteriaId":"BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7ACAD26E-B79E-4659-91A5-D301281F7D36"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*","matchCriteriaId":"F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F80BC68E-7476-4A40-9F48-53722FE9A5BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*","matchCriteriaId":"6B36F4B2-BAA3-45AD-9967-0EB482C99708"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA33DE15-C177-43B3-AD50-FF797753D12E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*","matchCriteriaId":"AE1A5841-5BCB-4033-ACB9-23F3FCA65309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5B47BF35-3AA0-4667-842E-19B0FE30BF3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*","matchCriteriaId":"8A071672-9405-4418-9141-35CEADBB65AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BB7CF473-8B25-4851-91F2-1BD693CCDC85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*","matchCriteriaId":"91E591F2-8F72-4A5A-9264-2742EB2DABDA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x1e80100_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"42F453E4-02CC-4E48-A25B-F1394069F524"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x1e80100:-:*:*:*:*:*:*:*","matchCriteriaId":"8A6671AE-3490-4D85-A20C-3DA26F7D7AEB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xrv7209_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CC6C6243-E092-4903-BC20-E3B0CECBC790"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xrv7209:-:*:*:*:*:*:*:*","matchCriteriaId":"AAA33761-D61C-4A81-B233-5E2D50F3596F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xrv9209_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3D693483-72F9-42B1-8EDA-8DABD537F428"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xrv9209:-:*:*:*:*:*:*:*","matchCriteriaId":"43F4A7D9-055D-475B-BFE4-61A86C7397F8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:g3x_gen_2_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C167BE19-999E-4538-A23E-01F9C287A6C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:g3x_gen_2:-:*:*:*:*:*:*:*","matchCriteriaId":"1026CB5F-E30A-42DE-8432-74412CC8BA00"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:iq-9075_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"08431A88-C176-48BB-918C-DF3FEABE78D4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:iq-9075:-:*:*:*:*:*:*:*","matchCriteriaId":"3C50A35E-023A-404D-BFBC-FFCD1F30E872"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:kalpeni_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5A2D4C45-005F-4A02-BFD7-84893FF1A0E8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:kalpeni:-:*:*:*:*:*:*:*","matchCriteriaId":"B3178A79-485F-40DB-A71D-B29BD3875A7D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:lemans_au_lgit_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5767FE95-737F-4C20-A5AB-EC641A68D906"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:lemans_au_lgit:-:*:*:*:*:*:*:*","matchCriteriaId":"33323A49-9267-421B-96E1-80C5FA709EBC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:lemansau_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2DF0ED3F-C98B-458E-ADCC-C922402BB185"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:lemansau:-:*:*:*:*:*:*:*","matchCriteriaId":"102A4B5E-1739-4C31-A626-ABF6B02FEE29"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:pandeiro_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"23F8EF0C-BB48-47E1-A045-254D79388F75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:pandeiro:-:*:*:*:*:*:*:*","matchCriteriaId":"058950FC-ED72-4E91-AE13-87E738ADC083"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3723C7B1-A7E2-401F-8D6D-189350F6BCA5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*","matchCriteriaId":"B12B89EF-7B12-481E-BCBC-F12B9D16321A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C2D9E281-B382-41AC-84CB-5B1063E5AC51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*","matchCriteriaId":"44EBEBD5-98C3-493B-A108-FD4DE6FFBE97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F8673334-5E11-4E95-B33D-3029499F71DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*","matchCriteriaId":"EC0B32F6-5EF0-4591-99D7-D0E9B09DEC5A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qamsrv1m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CE03AB2A-3ED9-4489-8E5B-4FCF8BAA8559"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qamsrv1m:-:*:*:*:*:*:*:*","matchCriteriaId":"9E646738-6A87-4470-9640-6A5A1DF3AF78"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D527E2B1-2A46-4FBA-9F7A-F5543677C8FB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*","matchCriteriaId":"8374DDB3-D484-4141-AE0C-42333D2721F6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"643EC76D-2836-48E6-81DA-78C4883C33CA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*","matchCriteriaId":"477F6529-4CE1-44FC-B6EE-D24D44C71AE7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6688aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AFBD264F-F24A-4CDD-B316-9514A61B91E7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6688aq:-:*:*:*:*:*:*:*","matchCriteriaId":"94CC5BC4-011D-4D2B-8891-97FBF61FD783"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0AE207DB-9770-40ED-961D-FDA75965826F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*","matchCriteriaId":"0E23922D-C37F-476F-A623-4C1458A9156F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5FA1F8F4-EAF2-4704-A8A6-19AD3CA1B577"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*","matchCriteriaId":"B3F7853D-09EE-476F-B48D-BB30AEB4A67D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6797aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"797295C2-535C-46A9-A725-E1A5405F0436"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6797aq:-:*:*:*:*:*:*:*","matchCriteriaId":"8BFC575E-594E-4711-94B1-2DC8D03B9AC4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8695au_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"55A21DB0-4722-4421-8E97-B0E31B93E53B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8695au:-:*:*:*:*:*:*:*","matchCriteriaId":"797B8944-61F0-4522-97FE-3C172369F477"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5AB1F0FA-25F3-4304-A3BC-5264E55CC092"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm2290:-:*:*:*:*:*:*:*","matchCriteriaId":"214A053F-D80C-4AD9-B4F1-83384095A3F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm4325_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F2D8044B-D4E5-4174-A0FB-478F8434EE8F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm4325:-:*:*:*:*:*:*:*","matchCriteriaId":"163FE96E-DF5B-4B67-8EDE-44A5B9A8492D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm4490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DA506489-4338-44DF-8F92-12E60AF0048C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm4490:-:*:*:*:*:*:*:*","matchCriteriaId":"A8718C37-A82A-4A08-A887-3F22B37601A9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4EC5F81B-AA24-4E3C-9FC8-53E010AC977E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*","matchCriteriaId":"B5C66DAD-0D85-46B8-92D7-6D68B9429E9A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ADD6D51E-5787-42A6-8A02-4EBBAFFF9C94"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*","matchCriteriaId":"99AA0291-B822-4CAD-BA17-81B632FC3FEF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm8838_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7C6535AE-8680-4AB9-ABF6-82DAE1795531"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm8838:-:*:*:*:*:*:*:*","matchCriteriaId":"9C3FEACB-1AE1-4BF2-9552-C31A32DCCA9B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"93CDB7BC-89F2-4482-B8E3-9DDBD918C851"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcs2290:-:*:*:*:*:*:*:*","matchCriteriaId":"76E03AE9-2485-449B-BCFD-3E452BB01FC6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"06789CB9-E6FA-400D-90B6-C2DB6C8EF153"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcs4290:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB9F22-57F2-4327-95B9-B2342A02E45E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcs4490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3336CDD7-9E7B-4FFB-A5CE-594B19B63A6C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcs4490:-:*:*:*:*:*:*:*","matchCriteriaId":"1197E229-1E27-4CA3-A386-B77FAE5DFE1A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qln1083bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FD70F234-1EE7-4362-97F6-5AEDB7078D03"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qln1083bd:-:*:*:*:*:*:*:*","matchCriteriaId":"C569A848-B70C-42EF-B6D5-4A86547586EE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qln1086bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F218DF06-C40A-4738-ABB5-A3FA2243EF84"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qln1086bd:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2A0CD0-66FA-45D6-BBC7-03641203EC73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qpa1083bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B0208F7B-A959-485E-B004-A34CB7C7C4C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qpa1083bd:-:*:*:*:*:*:*:*","matchCriteriaId":"FBDAC812-4603-4D24-A861-23825E32D44E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qpa1086bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7F6DEF72-A8FF-4B67-AA6C-5CB4AA7B35E1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qpa1086bd:-:*:*:*:*:*:*:*","matchCriteriaId":"00EF6875-B088-40BD-A526-C962789CDC5A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DD4946C6-778F-4542-AB77-C9B86AF25C05"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"6F1D604A-4530-42B3-80A0-58A82D658DDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1093_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9A46B609-BD06-4BB7-B055-1F71C555E93D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1093:-:*:*:*:*:*:*:*","matchCriteriaId":"59598462-1E53-4F6D-BAB5-06ACEDF6CD9F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1094_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8F30D66E-2802-4394-BC39-5E04711234FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1094:-:*:*:*:*:*:*:*","matchCriteriaId":"078EC383-784F-4468-B94C-AE7CC9808419"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1095_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B7B67C93-0453-4696-8F3D-0AD664922C44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1095:-:*:*:*:*:*:*:*","matchCriteriaId":"D61C46AA-9130-46A8-BD04-8B4235118B81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1096_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2D5E44-48F6-41E8-A38B-A2E070E16AA9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1096:-:*:*:*:*:*:*:*","matchCriteriaId":"9BD0372F-5140-4966-9A27-6B5A606C0665"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*","matchCriteriaId":"0514D433-162C-4680-8912-721D19BE6201"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa7255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2B651F0A-34DA-400F-A376-B499BFDF8E86"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa7255p:-:*:*:*:*:*:*:*","matchCriteriaId":"4CFF093D-98C8-470F-8330-E5126E06343A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa7775p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6C32CA38-5D48-4108-9858-FD66E20CAF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa7775p:-:*:*:*:*:*:*:*","matchCriteriaId":"E1997F8B-17B8-4DE3-BCF7-726928720592"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C8648B38-2597-401A-8F53-D582FA911569"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*","matchCriteriaId":"A01CD59B-8F21-4CD6-8A1A-7B37547A8715"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"51BC0A66-493B-43BE-B51F-640BDF2FF32E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*","matchCriteriaId":"D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EC6E268D-C4AF-4950-9223-39EA36D538A8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*","matchCriteriaId":"073C1A81-D02B-4F2F-9378-CD1B2DCE0E5B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2A19659B-A0C3-44B7-8D54-BA21729873A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*","matchCriteriaId":"F978041A-CE28-4BDF-A7DB-F0360F1A5F14"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8620p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6ACE6D64-A498-482F-8270-718F4884CFFD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8620p:-:*:*:*:*:*:*:*","matchCriteriaId":"B6E016D6-1B83-4261-A27E-1F9873F81E14"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"781CCC31-C08F-499B-BE73-6C7DB70437AF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*","matchCriteriaId":"75AFAA21-0589-4C6A-9418-34EE8A61BBAD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A024AB04-B213-4018-A4C1-FA467C7BA775"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*","matchCriteriaId":"A2A8AB7C-5D34-4794-8C06-2193075B323F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sar2130p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95696696-D2AE-4358-AF5D-3ED14F969964"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sar2130p:-:*:*:*:*:*:*:*","matchCriteriaId":"1A6FC469-463F-4EC1-B4EF-010BDB9BAA05"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"14E3FE58-7F1C-4F5C-B62D-0CF124E14AB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB0BBA-3F81-4FCA-B3DE-190C46DA50DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C7BE7001-5539-4C5E-A064-6E62023803AE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd662:-:*:*:*:*:*:*:*","matchCriteriaId":"06661DAC-5D22-433E-B5EC-486931E265B4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"72433485-B229-46A6-BCA4-394AA4EEA683"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"04D40EC4-BF31-4BFD-8D0A-8193F541AF02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sdr753_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A49B142B-E8DC-4A79-B969-2C2FBE2E009A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sdr753:-:*:*:*:*:*:*:*","matchCriteriaId":"8A1A6C7D-EAB0-4D8D-9A3E-DA066F4ACF7D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm6225p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8D2B7D93-4218-4FFF-B1C0-F50EC0B2B934"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm6225p:-:*:*:*:*:*:*:*","matchCriteriaId":"00D9DCE1-B3CD-4F45-97DD-637AA27572DD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7525_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2410FF59-E0C0-4920-9656-C398DB06DEAE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7525:-:*:*:*:*:*:*:*","matchCriteriaId":"7D2B800C-4DBC-4028-875D-667C87D75247"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7550_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EEA5CE41-0596-4D38-9891-D1DF711EA7E9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7550:-:*:*:*:*:*:*:*","matchCriteriaId":"E1A901C6-FB73-4361-B391-4A4AF8C70029"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7550p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5C5D7E2C-0955-4B6E-96E4-CFA06D937492"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7550p:-:*:*:*:*:*:*:*","matchCriteriaId":"9D1D0F33-AD5A-4826-9A06-EAD2A8709974"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C4CDD6A2-5A3C-4572-8CE1-2F102333BB79"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm8550p:-:*:*:*:*:*:*:*","matchCriteriaId":"699E5D17-6144-4F0A-8D52-1E8C83990E52"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_4_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2CCBF666-CB4E-44E1-9676-6891EDC73578"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_4_gen_1_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"C767AB6A-1A8C-406C-A600-96A816F44E2F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"390D7CAF-6C0B-4438-AA7D-AEEE127F4D3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_460_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"5BB1FC5E-CF6F-4E54-B78D-C01AFD034903"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_480_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA3F11F3-C9F4-460D-BD77-1BFBCC1F0592"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_480_5g_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"25673A10-D99C-4F67-BDA7-9C2E4A70EF9C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_480\\+_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"50906EF2-01F7-4E97-9F49-F892DF41CB29"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_480\\+_5g_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"B23A89FF-9C94-40C6-B9B7-3E8354777916"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"37DF4D73-3ACC-41B3-8CA4-20DAECE6BFB7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"FE08D23A-2D0D-4472-8847-27B955F55165"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8D0ED00F-1345-43AD-83C6-E979890B84AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_680_4g_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"92C28019-B57D-4487-B551-F7B53395C6E5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_685_4g_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C174F07D-0E33-43FD-9BAD-6C6D8B51B6A6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_685_4g_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"47311B68-A07F-448B-99D5-9C92C8127A81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_695_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A9A2DA11-5E4E-4E36-923C-A2D3CC2F2751"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_695_5g_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"BE7DFAD4-1D21-4A3A-9E8C-10F00AD7C403"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_elite_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3EA50192-07B0-4404-93D4-EC4F3B1918B7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_elite:-:*:*:*:*:*:*:*","matchCriteriaId":"26C7FC48-08CB-4E50-B8D3-8AF30549FDF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"60F5899C-BA8D-4B6B-BC61-F77B1EB64739"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"D39AD7CE-A017-4D74-A348-9E4B08363799"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8\\+_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1FEDF458-DEA7-42A1-A56D-E11250139545"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8\\+_gen_2_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"D5693438-0F20-47BB-BA32-7175C3152368"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"53E5BBDA-C07D-42E2-9A34-EC1F6454CAA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"0BB2408F-C768-4DD2-B834-B62E188D6CC2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A129620-8241-4A47-AAC8-CC7E10A09C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"4CEDD78E-124C-4216-9B57-3B7B53463659"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2\\+_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BF9740EB-F82E-42EA-993E-A393B05CC6BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2\\+_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"022A5532-03F7-4FB8-BA0D-4221178C9486"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_wear_elite_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"21C295D3-AC5D-4DFC-A0B1-3B5F7C08DC46"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_wear_elite_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"A32D44E3-02FC-47AA-B6FF-E87F5866E453"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0CD199F5-DA68-4BEB-AA99-11572DA26B4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*","matchCriteriaId":"8ACA2D4D-FC77-4C1A-8278-1C27B3EA3303"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:srv1m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4B29E7F-8BFE-466A-B357-63F8A2160C4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:srv1m:-:*:*:*:*:*:*:*","matchCriteriaId":"6D55CC7D-2E65-4CA9-9892-B6FBCC087E6F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CD6444F6-A477-4B4C-8A09-C22C47CCE45B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*","matchCriteriaId":"F3E20681-4FC4-46E2-AF77-BCF03BC8E77E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2330p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"568C5B08-AC42-48D3-8029-A65689EEBE75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2330p:-:*:*:*:*:*:*:*","matchCriteriaId":"56DD2B49-0A36-443C-BECB-4115E271A415"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2350p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AA54D269-A94D-47CB-B3F1-7B163E453A67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2350p:-:*:*:*:*:*:*:*","matchCriteriaId":"F1D79422-1EA3-459A-8C4A-8A0FBE386036"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:themisto_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"55DE7B27-56A2-4046-9E03-8215587C8827"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:themisto:-:*:*:*:*:*:*:*","matchCriteriaId":"0853EA22-4EFD-4037-8B83-CB7C18417D23"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1295D869-F4DD-4766-B4AA-3513752F43B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*","matchCriteriaId":"B98784DC-3143-4D38-AD28-DBBDCCAB4272"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9371_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2503805B-B2A6-4AEE-8AB1-2B8A040702BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9371:-:*:*:*:*:*:*:*","matchCriteriaId":"D3AD370C-2ED0-43CF-83D9-50DC92A01CA5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34143ABA-7D09-429F-A65C-3A33438BF62C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*","matchCriteriaId":"9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9378_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4CFDBB5B-0A4F-4032-874F-D2A7EF933FB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9378:-:*:*:*:*:*:*:*","matchCriteriaId":"D28A12D6-CC60-4BE9-ADEE-FAB58B05440F"}]}]}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html","source":"product-security@qualcomm.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21370","sourceIdentifier":"product-security@qualcomm.com","published":"2026-07-06T21:16:53.707","lastModified":"2026-07-07T16:47:47.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values."}],"affected":[{"source":"product-security@qualcomm.com","affectedData":[{"vendor":"Qualcomm, Inc.","product":"Snapdragon","defaultStatus":"unaffected","platforms":["Snapdragon Auto","Snapdragon Compute","Snapdragon Industrial IOT","Snapdragon Mobile"],"versions":[{"version":"FastConnect 6700","status":"affected"},{"version":"FastConnect 6900","status":"affected"},{"version":"FastConnect 7800","status":"affected"},{"version":"G3x Gen 2","status":"affected"},{"version":"IQ9 Series Platform","status":"affected"},{"version":"LeMans_AU_LGIT","status":"affected"},{"version":"LeMansAU","status":"affected"},{"version":"Netrani","status":"affected"},{"version":"Pandeiro","status":"affected"},{"version":"QAM8255P","status":"affected"},{"version":"QAMSRV1H","status":"affected"},{"version":"QAMSRV1M","status":"affected"},{"version":"QCA6595","status":"affected"},{"version":"QCA6595AU","status":"affected"},{"version":"QCA6678AQ","status":"affected"},{"version":"QCA6698AQ","status":"affected"},{"version":"QCA6698AU","status":"affected"},{"version":"QCA6797AQ","status":"affected"},{"version":"QCM4490","status":"affected"},{"version":"QCM8838","status":"affected"},{"version":"QCS4490","status":"affected"},{"version":"QCS8550","status":"affected"},{"version":"QLN1083BD","status":"affected"},{"version":"QLN1086BD","status":"affected"},{"version":"QPA1083BD","status":"affected"},{"version":"QPA1086BD","status":"affected"},{"version":"QXM1093","status":"affected"},{"version":"QXM1094","status":"affected"},{"version":"QXM1095","status":"affected"},{"version":"QXM1096","status":"affected"},{"version":"SA7255P","status":"affected"},{"version":"SA7775P","status":"affected"},{"version":"SA8255P","status":"affected"},{"version":"SA8620P","status":"affected"},{"version":"SA8770P","status":"affected"},{"version":"SA9000P","status":"affected"},{"version":"SAR2130P","status":"affected"},{"version":"SC8380XP","status":"affected"},{"version":"SD 8 Gen1 5G","status":"affected"},{"version":"SD865 5G","status":"affected"},{"version":"SDR753","status":"affected"},{"version":"SM7435","status":"affected"},{"version":"SM7525","status":"affected"},{"version":"SM7550","status":"affected"},{"version":"SM7550P","status":"affected"},{"version":"SM8550P","status":"affected"},{"version":"Snapdragon 4 Gen 2 Mobile Platform","status":"affected"},{"version":"Snapdragon 460 Mobile Platform","status":"affected"},{"version":"Snapdragon 6 Gen 1 Mobile Platform","status":"affected"},{"version":"Snapdragon 6 Gen 3 Mobile Platform","status":"affected"},{"version":"Snapdragon 662 Mobile Platform","status":"affected"},{"version":"Snapdragon 7 Gen 1 Mobile Platform","status":"affected"},{"version":"Snapdragon 8 Elite","status":"affected"},{"version":"Snapdragon 8 Gen 1 Mobile Platform","status":"affected"},{"version":"Snapdragon 8 Gen 2 Mobile Platform","status":"affected"},{"version":"Snapdragon 8+ Gen 2 Mobile Platform","status":"affected"},{"version":"Snapdragon AR1 Gen 1 Platform","status":"affected"},{"version":"Snapdragon XR2 5G Platform","status":"affected"},{"version":"Snapdragon XR2+ Gen 1 Platform","status":"affected"},{"version":"SRV1H","status":"affected"},{"version":"SRV1M","status":"affected"},{"version":"SXR2230P","status":"affected"},{"version":"SXR2330P","status":"affected"},{"version":"SXR2350P","status":"affected"},{"version":"WCD9370","status":"affected"},{"version":"WCD9371","status":"affected"},{"version":"WCD9375","status":"affected"},{"version":"WCD9378","status":"affected"},{"version":"WCD9380","status":"affected"},{"version":"WCD9385","status":"affected"},{"version":"WCD9390","status":"affected"},{"version":"WCD9395","status":"affected"},{"version":"WCN3950","status":"affected"},{"version":"WCN3988","status":"affected"},{"version":"WCN6450","status":"affected"},{"version":"WCN6650","status":"affected"},{"version":"WCN6755","status":"affected"},{"version":"WCN7860","status":"affected"},{"version":"WCN7861","status":"affected"},{"version":"WCN7881","status":"affected"},{"version":"WSA8810","status":"affected"},{"version":"WSA8815","status":"affected"},{"version":"WSA8830","status":"affected"},{"version":"WSA8832","status":"affected"},{"version":"WSA8835","status":"affected"},{"version":"WSA8840","status":"affected"},{"version":"WSA8845","status":"affected"},{"version":"WSA8845H","status":"affected"},{"version":"X1E80100","status":"affected"},{"version":"XRV7209","status":"affected"},{"version":"XRV9209","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.1,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:56:30.364147Z","id":"CVE-2026-21370","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@qualcomm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"82B82E87-F3F4-466F-A76B-C8809121FF6F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*","matchCriteriaId":"419A132E-E42C-4395-B74B-788A39DF1D13"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:g3x_gen_2_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C167BE19-999E-4538-A23E-01F9C287A6C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:g3x_gen_2:-:*:*:*:*:*:*:*","matchCriteriaId":"1026CB5F-E30A-42DE-8432-74412CC8BA00"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:iq-9075_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"08431A88-C176-48BB-918C-DF3FEABE78D4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:iq-9075:-:*:*:*:*:*:*:*","matchCriteriaId":"3C50A35E-023A-404D-BFBC-FFCD1F30E872"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:lemans_au_lgit_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5767FE95-737F-4C20-A5AB-EC641A68D906"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:lemans_au_lgit:-:*:*:*:*:*:*:*","matchCriteriaId":"33323A49-9267-421B-96E1-80C5FA709EBC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:lemansau_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2DF0ED3F-C98B-458E-ADCC-C922402BB185"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:lemansau:-:*:*:*:*:*:*:*","matchCriteriaId":"102A4B5E-1739-4C31-A626-ABF6B02FEE29"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:netrani_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9C52A53B-1182-47F3-9800-D8C58F954277"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:netrani:-:*:*:*:*:*:*:*","matchCriteriaId":"BEC1F084-78C8-4413-940A-47E9554CB6D0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:pandeiro_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"23F8EF0C-BB48-47E1-A045-254D79388F75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:pandeiro:-:*:*:*:*:*:*:*","matchCriteriaId":"058950FC-ED72-4E91-AE13-87E738ADC083"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3723C7B1-A7E2-401F-8D6D-189350F6BCA5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*","matchCriteriaId":"B12B89EF-7B12-481E-BCBC-F12B9D16321A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F8673334-5E11-4E95-B33D-3029499F71DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*","matchCriteriaId":"EC0B32F6-5EF0-4591-99D7-D0E9B09DEC5A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qamsrv1m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CE03AB2A-3ED9-4489-8E5B-4FCF8BAA8559"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qamsrv1m:-:*:*:*:*:*:*:*","matchCriteriaId":"9E646738-6A87-4470-9640-6A5A1DF3AF78"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"643EC76D-2836-48E6-81DA-78C4883C33CA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*","matchCriteriaId":"477F6529-4CE1-44FC-B6EE-D24D44C71AE7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"288F637F-22F8-47CF-B67F-C798A730A1BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*","matchCriteriaId":"D0996EA3-1C92-4933-BE34-9CF625E59FE7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6678aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D001127D-8160-42F0-B8B9-2FAA2976B530"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6678aq:-:*:*:*:*:*:*:*","matchCriteriaId":"C9EB615F-FD4C-450B-AB25-E936FD9816C4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5FA1F8F4-EAF2-4704-A8A6-19AD3CA1B577"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*","matchCriteriaId":"B3F7853D-09EE-476F-B48D-BB30AEB4A67D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6698au_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3ACA09C0-84A5-493A-A9BD-EF95A8330D54"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6698au:-:*:*:*:*:*:*:*","matchCriteriaId":"3A2397BD-431C-4730-92E3-17A5C2445A65"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6797aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"797295C2-535C-46A9-A725-E1A5405F0436"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6797aq:-:*:*:*:*:*:*:*","matchCriteriaId":"8BFC575E-594E-4711-94B1-2DC8D03B9AC4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm4490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DA506489-4338-44DF-8F92-12E60AF0048C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm4490:-:*:*:*:*:*:*:*","matchCriteriaId":"A8718C37-A82A-4A08-A887-3F22B37601A9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm8838_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7C6535AE-8680-4AB9-ABF6-82DAE1795531"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm8838:-:*:*:*:*:*:*:*","matchCriteriaId":"9C3FEACB-1AE1-4BF2-9552-C31A32DCCA9B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcs4490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3336CDD7-9E7B-4FFB-A5CE-594B19B63A6C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcs4490:-:*:*:*:*:*:*:*","matchCriteriaId":"1197E229-1E27-4CA3-A386-B77FAE5DFE1A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FFF23DDB-98A0-4343-ADD3-5AB9C2383E7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*","matchCriteriaId":"5ACB8AFB-5B91-4AA1-BA3A-1AF0B3503080"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qln1083bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FD70F234-1EE7-4362-97F6-5AEDB7078D03"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qln1083bd:-:*:*:*:*:*:*:*","matchCriteriaId":"C569A848-B70C-42EF-B6D5-4A86547586EE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qln1086bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F218DF06-C40A-4738-ABB5-A3FA2243EF84"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qln1086bd:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2A0CD0-66FA-45D6-BBC7-03641203EC73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qpa1083bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B0208F7B-A959-485E-B004-A34CB7C7C4C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qpa1083bd:-:*:*:*:*:*:*:*","matchCriteriaId":"FBDAC812-4603-4D24-A861-23825E32D44E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qpa1086bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7F6DEF72-A8FF-4B67-AA6C-5CB4AA7B35E1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qpa1086bd:-:*:*:*:*:*:*:*","matchCriteriaId":"00EF6875-B088-40BD-A526-C962789CDC5A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1093_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9A46B609-BD06-4BB7-B055-1F71C555E93D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1093:-:*:*:*:*:*:*:*","matchCriteriaId":"59598462-1E53-4F6D-BAB5-06ACEDF6CD9F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1094_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8F30D66E-2802-4394-BC39-5E04711234FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1094:-:*:*:*:*:*:*:*","matchCriteriaId":"078EC383-784F-4468-B94C-AE7CC9808419"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1095_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B7B67C93-0453-4696-8F3D-0AD664922C44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1095:-:*:*:*:*:*:*:*","matchCriteriaId":"D61C46AA-9130-46A8-BD04-8B4235118B81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1096_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2D5E44-48F6-41E8-A38B-A2E070E16AA9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1096:-:*:*:*:*:*:*:*","matchCriteriaId":"9BD0372F-5140-4966-9A27-6B5A606C0665"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa7255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2B651F0A-34DA-400F-A376-B499BFDF8E86"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa7255p:-:*:*:*:*:*:*:*","matchCriteriaId":"4CFF093D-98C8-470F-8330-E5126E06343A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa7775p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6C32CA38-5D48-4108-9858-FD66E20CAF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa7775p:-:*:*:*:*:*:*:*","matchCriteriaId":"E1997F8B-17B8-4DE3-BCF7-726928720592"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EC6E268D-C4AF-4950-9223-39EA36D538A8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*","matchCriteriaId":"073C1A81-D02B-4F2F-9378-CD1B2DCE0E5B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8620p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6ACE6D64-A498-482F-8270-718F4884CFFD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8620p:-:*:*:*:*:*:*:*","matchCriteriaId":"B6E016D6-1B83-4261-A27E-1F9873F81E14"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"781CCC31-C08F-499B-BE73-6C7DB70437AF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*","matchCriteriaId":"75AFAA21-0589-4C6A-9418-34EE8A61BBAD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A024AB04-B213-4018-A4C1-FA467C7BA775"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*","matchCriteriaId":"A2A8AB7C-5D34-4794-8C06-2193075B323F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sar2130p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95696696-D2AE-4358-AF5D-3ED14F969964"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sar2130p:-:*:*:*:*:*:*:*","matchCriteriaId":"1A6FC469-463F-4EC1-B4EF-010BDB9BAA05"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"14E3FE58-7F1C-4F5C-B62D-0CF124E14AB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB0BBA-3F81-4FCA-B3DE-190C46DA50DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"76910884-45D9-4EA2-BA30-44A8C7CC1339"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd_8_gen1_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"33D393A6-4586-4416-86EB-F9D86DC3DED8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"72433485-B229-46A6-BCA4-394AA4EEA683"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"04D40EC4-BF31-4BFD-8D0A-8193F541AF02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sdr753_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A49B142B-E8DC-4A79-B969-2C2FBE2E009A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sdr753:-:*:*:*:*:*:*:*","matchCriteriaId":"8A1A6C7D-EAB0-4D8D-9A3E-DA066F4ACF7D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7435_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F7A95A9E-617A-4D3A-9A4E-0C0A29B3C8B5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7435:-:*:*:*:*:*:*:*","matchCriteriaId":"3559292E-B5A6-4F88-BC20-F6AA85F07C97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7525_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2410FF59-E0C0-4920-9656-C398DB06DEAE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7525:-:*:*:*:*:*:*:*","matchCriteriaId":"7D2B800C-4DBC-4028-875D-667C87D75247"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7550_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EEA5CE41-0596-4D38-9891-D1DF711EA7E9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7550:-:*:*:*:*:*:*:*","matchCriteriaId":"E1A901C6-FB73-4361-B391-4A4AF8C70029"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7550p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5C5D7E2C-0955-4B6E-96E4-CFA06D937492"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7550p:-:*:*:*:*:*:*:*","matchCriteriaId":"9D1D0F33-AD5A-4826-9A06-EAD2A8709974"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C4CDD6A2-5A3C-4572-8CE1-2F102333BB79"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm8550p:-:*:*:*:*:*:*:*","matchCriteriaId":"699E5D17-6144-4F0A-8D52-1E8C83990E52"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_4_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"55AECCCF-0761-46B6-B669-E73096679AFB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_4_gen_2_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"7DE87CA2-160A-43BF-AC18-DA788501B5B4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"390D7CAF-6C0B-4438-AA7D-AEEE127F4D3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_460_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"5BB1FC5E-CF6F-4E54-B78D-C01AFD034903"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_6_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EBB3BC1B-2EBC-457C-AE91-6BD408EB7D5F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_6_gen_1_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"0870CC30-07F8-4FFF-85B4-FBACE947CC14"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_6_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D69E4203-EA20-4D6F-BD1C-C8E550588F87"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_6_gen_3_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"C1225010-5A08-4D13-A3E2-4C57C4265605"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"37DF4D73-3ACC-41B3-8CA4-20DAECE6BFB7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"FE08D23A-2D0D-4472-8847-27B955F55165"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_7_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"677D5A3F-2A0D-48F0-A1C5-B067BADFD11A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_7_gen_1_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"CB79B015-A401-4FAD-8818-1475653C2B12"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_elite_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3EA50192-07B0-4404-93D4-EC4F3B1918B7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_elite:-:*:*:*:*:*:*:*","matchCriteriaId":"26C7FC48-08CB-4E50-B8D3-8AF30549FDF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EB8FA32F-4690-4C5B-8968-474DA32FD0A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_gen_1_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"59BD8BEA-725A-4158-84BE-4AFD476ED03D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"60F5899C-BA8D-4B6B-BC61-F77B1EB64739"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"D39AD7CE-A017-4D74-A348-9E4B08363799"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8\\+_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1FEDF458-DEA7-42A1-A56D-E11250139545"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8\\+_gen_2_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"D5693438-0F20-47BB-BA32-7175C3152368"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"53E5BBDA-C07D-42E2-9A34-EC1F6454CAA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"0BB2408F-C768-4DD2-B834-B62E188D6CC2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A129620-8241-4A47-AAC8-CC7E10A09C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"4CEDD78E-124C-4216-9B57-3B7B53463659"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2\\+_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BF9740EB-F82E-42EA-993E-A393B05CC6BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2\\+_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"022A5532-03F7-4FB8-BA0D-4221178C9486"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0CD199F5-DA68-4BEB-AA99-11572DA26B4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*","matchCriteriaId":"8ACA2D4D-FC77-4C1A-8278-1C27B3EA3303"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:srv1m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4B29E7F-8BFE-466A-B357-63F8A2160C4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:srv1m:-:*:*:*:*:*:*:*","matchCriteriaId":"6D55CC7D-2E65-4CA9-9892-B6FBCC087E6F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CD6444F6-A477-4B4C-8A09-C22C47CCE45B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*","matchCriteriaId":"F3E20681-4FC4-46E2-AF77-BCF03BC8E77E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2330p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"568C5B08-AC42-48D3-8029-A65689EEBE75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2330p:-:*:*:*:*:*:*:*","matchCriteriaId":"56DD2B49-0A36-443C-BECB-4115E271A415"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2350p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AA54D269-A94D-47CB-B3F1-7B163E453A67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2350p:-:*:*:*:*:*:*:*","matchCriteriaId":"F1D79422-1EA3-459A-8C4A-8A0FBE386036"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1295D869-F4DD-4766-B4AA-3513752F43B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*","matchCriteriaId":"B98784DC-3143-4D38-AD28-DBBDCCAB4272"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9371_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2503805B-B2A6-4AEE-8AB1-2B8A040702BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9371:-:*:*:*:*:*:*:*","matchCriteriaId":"D3AD370C-2ED0-43CF-83D9-50DC92A01CA5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34143ABA-7D09-429F-A65C-3A33438BF62C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*","matchCriteriaId":"9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9378_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4CFDBB5B-0A4F-4032-874F-D2A7EF933FB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9378:-:*:*:*:*:*:*:*","matchCriteriaId":"D28A12D6-CC60-4BE9-ADEE-FAB58B05440F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"896F1C04-9957-440F-BF01-C3772CC3B3DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*","matchCriteriaId":"A90555EB-47A7-4717-92D5-35B561825F06"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"699056F6-1517-4F25-AE07-4FFCF6923B9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*","matchCriteriaId":"E4C023D2-6FF5-4FFC-B9F2-895979166580"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3FEF2DB6-00F5-4B07-953B-EF58B31267F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*","matchCriteriaId":"120E8F0F-EBEB-4565-9927-2D473F783EF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4BFB25F-013B-48E3-99FF-3E8687F94423"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*","matchCriteriaId":"BF676C5B-838B-446C-A689-6A25AB8A87E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6450_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1FAFC9FA-E6EF-44C5-BD50-2824C7711541"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6450:-:*:*:*:*:*:*:*","matchCriteriaId":"6F895CDD-F9BB-45AD-AE60-71F4549114A4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6650_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"93398092-AF7C-4F04-874C-7E5B4CF7AB00"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6650:-:*:*:*:*:*:*:*","matchCriteriaId":"7D242084-5844-4E43-8D7F-D2F8E3521F0C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6755_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2BC386D9-3D2B-40FA-A2D9-199BB138F46A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6755:-:*:*:*:*:*:*:*","matchCriteriaId":"133FFD9F-FA09-4801-939B-AD1D507BE5FE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2EB8794F-7998-424E-AF68-E4A4F9310F65"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*","matchCriteriaId":"799D69CE-3FCC-4B19-8B00-9AF38111D983"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"57608D47-894C-4895-B4B3-4733D55D57DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*","matchCriteriaId":"2FFD2C38-1A61-4BED-ABFA-DAE0C4B78620"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D765C392-5F38-4E6A-9E88-59629E7A6911"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE8F4F9-F692-4EC0-A3FE-2CDD681DCBFD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"15307882-7039-43E9-9BA3-035045988B99"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*","matchCriteriaId":"AA85B322-E593-4499-829A-CC6D70BAE884"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*","matchCriteriaId":"7E870D82-DE3B-4199-A730-C8FB545BAA98"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"11B69595-E488-4590-A150-CE5BE08B5E13"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*","matchCriteriaId":"BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7ACAD26E-B79E-4659-91A5-D301281F7D36"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*","matchCriteriaId":"F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F80BC68E-7476-4A40-9F48-53722FE9A5BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*","matchCriteriaId":"6B36F4B2-BAA3-45AD-9967-0EB482C99708"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA33DE15-C177-43B3-AD50-FF797753D12E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*","matchCriteriaId":"AE1A5841-5BCB-4033-ACB9-23F3FCA65309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5B47BF35-3AA0-4667-842E-19B0FE30BF3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*","matchCriteriaId":"8A071672-9405-4418-9141-35CEADBB65AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BB7CF473-8B25-4851-91F2-1BD693CCDC85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*","matchCriteriaId":"91E591F2-8F72-4A5A-9264-2742EB2DABDA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x1e80100_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"42F453E4-02CC-4E48-A25B-F1394069F524"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x1e80100:-:*:*:*:*:*:*:*","matchCriteriaId":"8A6671AE-3490-4D85-A20C-3DA26F7D7AEB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xrv7209_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CC6C6243-E092-4903-BC20-E3B0CECBC790"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xrv7209:-:*:*:*:*:*:*:*","matchCriteriaId":"AAA33761-D61C-4A81-B233-5E2D50F3596F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xrv9209_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3D693483-72F9-42B1-8EDA-8DABD537F428"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xrv9209:-:*:*:*:*:*:*:*","matchCriteriaId":"43F4A7D9-055D-475B-BFE4-61A86C7397F8"}]}]}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html","source":"product-security@qualcomm.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21379","sourceIdentifier":"product-security@qualcomm.com","published":"2026-07-06T21:16:53.850","lastModified":"2026-07-07T16:45:53.567","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption when allocating memory with sizes that exceed the maximum allowed value."}],"affected":[{"source":"product-security@qualcomm.com","affectedData":[{"vendor":"Qualcomm, Inc.","product":"Snapdragon","defaultStatus":"unaffected","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"],"versions":[{"version":"AQT1000","status":"affected"},{"version":"Cologne","status":"affected"},{"version":"FastConnect 6200","status":"affected"},{"version":"FastConnect 6700","status":"affected"},{"version":"FastConnect 6800","status":"affected"},{"version":"FastConnect 6900","status":"affected"},{"version":"FastConnect 7800","status":"affected"},{"version":"IQX5121","status":"affected"},{"version":"IQX7181","status":"affected"},{"version":"QCA0000","status":"affected"},{"version":"QCA6391","status":"affected"},{"version":"QCA6420","status":"affected"},{"version":"QCA6430","status":"affected"},{"version":"QCM5430","status":"affected"},{"version":"QCM6490","status":"affected"},{"version":"Qualcomm Video Collaboration VC3 Platform","status":"affected"},{"version":"SC8380XP","status":"affected"},{"version":"Snapdragon 7c+ Gen 3 Compute","status":"affected"},{"version":"Snapdragon 8c Compute Platform \"Poipu Lite\"","status":"affected"},{"version":"Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\"","status":"affected"},{"version":"Snapdragon 8cx Compute Platform","status":"affected"},{"version":"Snapdragon 8cx Compute Platform \"Poipu Pro\"","status":"affected"},{"version":"Snapdragon 8cx Gen 2 5G Compute Platform","status":"affected"},{"version":"Snapdragon 8cx Gen 2 5G Compute Platform \"Poipu Pro\"","status":"affected"},{"version":"Snapdragon 8cx Gen 3 Compute Platform","status":"affected"},{"version":"WCD9340","status":"affected"},{"version":"WCD9341","status":"affected"},{"version":"WCD9370","status":"affected"},{"version":"WCD9375","status":"affected"},{"version":"WCD9378C","status":"affected"},{"version":"WCD9380","status":"affected"},{"version":"WCD9385","status":"affected"},{"version":"WSA8810","status":"affected"},{"version":"WSA8815","status":"affected"},{"version":"WSA8830","status":"affected"},{"version":"WSA8835","status":"affected"},{"version":"WSA8840","status":"affected"},{"version":"WSA8845","status":"affected"},{"version":"WSA8845H","status":"affected"},{"version":"X2000077","status":"affected"},{"version":"X2000086","status":"affected"},{"version":"X2000090","status":"affected"},{"version":"X2000092","status":"affected"},{"version":"X2000094","status":"affected"},{"version":"XG101002","status":"affected"},{"version":"XG101032","status":"affected"},{"version":"XG101039","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-21379","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@qualcomm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-126"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EC6FCE91-BF38-49ED-8FFB-429BAFEE7832"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:aqt1000:-:*:*:*:*:*:*:*","matchCriteriaId":"715A9F94-5F9E-45E5-B07B-699410C01478"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:cologne_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8FF959C0-5AAB-4DC5-AE8F-4EFA21A00B5E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:cologne:-:*:*:*:*:*:*:*","matchCriteriaId":"E31E0C48-FB61-47C8-B28B-3A701E85E126"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CDE1CBDE-3D28-463C-B215-AA7DF373EF09"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6200:-:*:*:*:*:*:*:*","matchCriteriaId":"66BD3B88-7CF9-482D-A2DD-67F6ACF4CC57"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"82B82E87-F3F4-466F-A76B-C8809121FF6F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*","matchCriteriaId":"419A132E-E42C-4395-B74B-788A39DF1D13"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D89F035A-2388-48FC-AEBB-8429C6880F4A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:*","matchCriteriaId":"CA13EF4E-AAE6-45F4-9E41-78310E37CE81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:iqx5121_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"499A2520-436C-4B12-849D-98B94088CCDE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:iqx5121:-:*:*:*:*:*:*:*","matchCriteriaId":"4C34A825-C928-4F8F-B076-19F8787A3440"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:iqx7181_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F58C10B5-2BB1-4A8F-AF4B-2EC791C9FBBE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:iqx7181:-:*:*:*:*:*:*:*","matchCriteriaId":"9EE22328-BBF8-473C-8F89-58AEF8CC9D75"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca0000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CC941093-1A7C-47B2-AB3B-05AE4AE2FBE4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca0000:-:*:*:*:*:*:*:*","matchCriteriaId":"7A2AA834-C17C-4E0E-A510-795818041E47"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"83B53119-1B2F-4978-B7F5-33B84BE73B68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*","matchCriteriaId":"6FEBC0C5-CAA1-475C-96C2-B8D24B2E4536"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7E16994A-6DBA-426C-ADD2-B1E8B49FEDBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6420:-:*:*:*:*:*:*:*","matchCriteriaId":"47E674DE-55AB-44E5-8E00-C804FC9D4DC0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95AFC483-1468-43FC-96FA-A56165C290E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6430:-:*:*:*:*:*:*:*","matchCriteriaId":"0A963FDF-6FF4-4F48-834E-2A14D241716D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4EC5F81B-AA24-4E3C-9FC8-53E010AC977E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*","matchCriteriaId":"B5C66DAD-0D85-46B8-92D7-6D68B9429E9A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ADD6D51E-5787-42A6-8A02-4EBBAFFF9C94"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*","matchCriteriaId":"99AA0291-B822-4CAD-BA17-81B632FC3FEF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DD4946C6-778F-4542-AB77-C9B86AF25C05"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"6F1D604A-4530-42B3-80A0-58A82D658DDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"14E3FE58-7F1C-4F5C-B62D-0CF124E14AB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB0BBA-3F81-4FCA-B3DE-190C46DA50DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_7c\\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C4A050CA-8514-400A-A6B3-F513CC93CA14"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_7c\\+_gen_3_compute:-:*:*:*:*:*:*:*","matchCriteriaId":"BD850305-1E76-4952-A3FB-F6229CBF7FE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DC63E59F-CB68-435C-B1A4-7DA5D722142F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8c_compute_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"088D62A3-1FE5-42D6-9231-41DDE4DA37EF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_\\(sc8180xp-ad\\)_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E81ADBDE-BC6C-4FA2-B33F-553A8E42BB9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8c_compute_platform_\\(sc8180xp-ad\\):-:*:*:*:*:*:*:*","matchCriteriaId":"F7A79274-E042-47F0-82C1-F3FFEF0BC058"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"36903AF3-4E2D-4990-B021-A1D980229077"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"472928D4-90F4-402D-B1F2-0CE358326A10"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\\\"poipu_pro\\\"_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C0D26DE7-964B-4B01-90E1-1D1E87522940"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform_\\\"poipu_pro\\\":-:*:*:*:*:*:*:*","matchCriteriaId":"651EE0A5-D583-4D99-89B0-A81A51EAF46B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C7ACDB5B-A32C-43A1-9086-D081E9FFF9AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"583E50CC-2017-4092-A21E-7AAC53F53A25"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\\\"poipu_pro\\\"_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"969BA39F-1068-49F3-8EF2-A5F64C5A57DA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\\\"poipu_pro\\\":-:*:*:*:*:*:*:*","matchCriteriaId":"A7A57DE6-615E-45C5-9CCD-2A12905EC368"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8cx_gen_3_compute_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7C155F86-467F-4B57-950E-12FAAB570B01"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8cx_gen_3_compute_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"71E06B94-9463-49A6-B816-E8A82BEA8545"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8BA28CC6-C8BB-4F50-BFE3-A59F664A4F54"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:*","matchCriteriaId":"94D2BDF1-764C-48BA-8944-3275E8768078"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CE852339-1CAE-4983-9757-8F00EDEF1141"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*","matchCriteriaId":"4D9E96B3-F1BB-46F8-B715-7DF90180F1E1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1295D869-F4DD-4766-B4AA-3513752F43B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*","matchCriteriaId":"B98784DC-3143-4D38-AD28-DBBDCCAB4272"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34143ABA-7D09-429F-A65C-3A33438BF62C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*","matchCriteriaId":"9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9378c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95D79E3A-1978-4B23-B60B-2BD47FEDF5C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9378c:-:*:*:*:*:*:*:*","matchCriteriaId":"91B32C89-3238-4FDF-BB3F-F6BAE829769B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"15307882-7039-43E9-9BA3-035045988B99"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*","matchCriteriaId":"AA85B322-E593-4499-829A-CC6D70BAE884"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*","matchCriteriaId":"7E870D82-DE3B-4199-A730-C8FB545BAA98"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"11B69595-E488-4590-A150-CE5BE08B5E13"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*","matchCriteriaId":"BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F80BC68E-7476-4A40-9F48-53722FE9A5BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*","matchCriteriaId":"6B36F4B2-BAA3-45AD-9967-0EB482C99708"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA33DE15-C177-43B3-AD50-FF797753D12E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*","matchCriteriaId":"AE1A5841-5BCB-4033-ACB9-23F3FCA65309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5B47BF35-3AA0-4667-842E-19B0FE30BF3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*","matchCriteriaId":"8A071672-9405-4418-9141-35CEADBB65AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BB7CF473-8B25-4851-91F2-1BD693CCDC85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*","matchCriteriaId":"91E591F2-8F72-4A5A-9264-2742EB2DABDA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x2000077_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A91D253E-0E24-474F-B016-0AC783812EBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x2000077:-:*:*:*:*:*:*:*","matchCriteriaId":"DF588C55-E61D-46C6-98C3-647748AB0192"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x2000086_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E763DC2C-2D41-483D-8763-8518AAFC8B09"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x2000086:-:*:*:*:*:*:*:*","matchCriteriaId":"2DD6A8C6-F716-42F3-A16A-70CDD2F72BCD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x2000090_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"21436FFF-DC3A-4279-85BB-1D2F9D270FFC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x2000090:-:*:*:*:*:*:*:*","matchCriteriaId":"991A3700-C97D-4495-8281-A11E0472930C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x2000092_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E23F8167-8C43-4CCC-B95B-1BF8462E1E90"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x2000092:-:*:*:*:*:*:*:*","matchCriteriaId":"65E7DF1E-5CDE-4DF0-A952-A01BF059EB96"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x2000094_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"789E6127-504B-4B50-B5C7-C7F7933378A1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x2000094:-:*:*:*:*:*:*:*","matchCriteriaId":"5A029C9E-9F11-4D07-BD80-B9D00A379AAD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xg101002_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B7EAE86E-AC65-4C37-A23E-E4C9DBFDEE48"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xg101002:-:*:*:*:*:*:*:*","matchCriteriaId":"71E5EA1A-F5AE-42B6-804B-59FE6016A691"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xg101032_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"45E15ACE-6573-43FC-8B38-A3B760C8B60D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xg101032:-:*:*:*:*:*:*:*","matchCriteriaId":"96CF3B92-6AA8-4494-A047-C0DAB82C01D9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xg101039_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4C8F081D-479F-492A-9580-8EBE8011DA4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xg101039:-:*:*:*:*:*:*:*","matchCriteriaId":"9A96C6B0-5B33-45DA-B3B1-AD304B7AE313"}]}]}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html","source":"product-security@qualcomm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21384","sourceIdentifier":"product-security@qualcomm.com","published":"2026-07-06T21:16:54.097","lastModified":"2026-07-07T17:27:33.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits."}],"affected":[{"source":"product-security@qualcomm.com","affectedData":[{"vendor":"Qualcomm, Inc.","product":"Snapdragon","defaultStatus":"unaffected","platforms":["Snapdragon Auto","Snapdragon Compute","Snapdragon Consumer IOT","Snapdragon Industrial IOT","Snapdragon Mobile"],"versions":[{"version":"FastConnect 6700","status":"affected"},{"version":"FastConnect 6900","status":"affected"},{"version":"FastConnect 7800","status":"affected"},{"version":"LeMans_AU_LGIT","status":"affected"},{"version":"LeMansAU","status":"affected"},{"version":"Netrani","status":"affected"},{"version":"Pandeiro","status":"affected"},{"version":"QAM8255P","status":"affected"},{"version":"QAMSRV1H","status":"affected"},{"version":"QAMSRV1M","status":"affected"},{"version":"QCA6595","status":"affected"},{"version":"QCA6595AU","status":"affected"},{"version":"QCA6678AQ","status":"affected"},{"version":"QCA6698AQ","status":"affected"},{"version":"QCA6698AU","status":"affected"},{"version":"QCA6797AQ","status":"affected"},{"version":"QCM4490","status":"affected"},{"version":"QCM5430","status":"affected"},{"version":"QCM6490","status":"affected"},{"version":"QCM8838","status":"affected"},{"version":"QCS4490","status":"affected"},{"version":"QCS8550","status":"affected"},{"version":"QLN1083BD","status":"affected"},{"version":"QLN1086BD","status":"affected"},{"version":"QPA1083BD","status":"affected"},{"version":"QPA1086BD","status":"affected"},{"version":"Qualcomm Video Collaboration VC3 Platform","status":"affected"},{"version":"QXM1093","status":"affected"},{"version":"QXM1094","status":"affected"},{"version":"QXM1095","status":"affected"},{"version":"QXM1096","status":"affected"},{"version":"SA7255P","status":"affected"},{"version":"SA7775P","status":"affected"},{"version":"SA8255P","status":"affected"},{"version":"SA8620P","status":"affected"},{"version":"SA8770P","status":"affected"},{"version":"SA9000P","status":"affected"},{"version":"SAR2130P","status":"affected"},{"version":"SC8380XP","status":"affected"},{"version":"SD 8 Gen1 5G","status":"affected"},{"version":"SD865 5G","status":"affected"},{"version":"SDR753","status":"affected"},{"version":"SM7435","status":"affected"},{"version":"Snapdragon 4 Gen 2 Mobile Platform","status":"affected"},{"version":"Snapdragon 460 Mobile Platform","status":"affected"},{"version":"Snapdragon 6 Gen 1 Mobile Platform","status":"affected"},{"version":"Snapdragon 6 Gen 3 Mobile Platform","status":"affected"},{"version":"Snapdragon 662 Mobile Platform","status":"affected"},{"version":"Snapdragon 7 Gen 1 Mobile Platform","status":"affected"},{"version":"Snapdragon 8 Elite","status":"affected"},{"version":"Snapdragon 8 Gen 1 Mobile Platform","status":"affected"},{"version":"Snapdragon AR1 Gen 1 Platform","status":"affected"},{"version":"Snapdragon XR2 5G Platform","status":"affected"},{"version":"Snapdragon XR2+ Gen 1 Platform","status":"affected"},{"version":"SRV1H","status":"affected"},{"version":"SRV1M","status":"affected"},{"version":"SXR2230P","status":"affected"},{"version":"SXR2330P","status":"affected"},{"version":"SXR2350P","status":"affected"},{"version":"WCD9370","status":"affected"},{"version":"WCD9375","status":"affected"},{"version":"WCD9380","status":"affected"},{"version":"WCD9385","status":"affected"},{"version":"WCN3950","status":"affected"},{"version":"WCN3988","status":"affected"},{"version":"WCN6755","status":"affected"},{"version":"WCN7860","status":"affected"},{"version":"WCN7861","status":"affected"},{"version":"WCN7881","status":"affected"},{"version":"WSA8810","status":"affected"},{"version":"WSA8815","status":"affected"},{"version":"WSA8830","status":"affected"},{"version":"WSA8832","status":"affected"},{"version":"WSA8835","status":"affected"},{"version":"WSA8840","status":"affected"},{"version":"WSA8845","status":"affected"},{"version":"WSA8845H","status":"affected"},{"version":"XRV7209","status":"affected"},{"version":"XRV9209","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.1,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:56:31.457378Z","id":"CVE-2026-21384","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@qualcomm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"82B82E87-F3F4-466F-A76B-C8809121FF6F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*","matchCriteriaId":"419A132E-E42C-4395-B74B-788A39DF1D13"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:lemans_au_lgit_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5767FE95-737F-4C20-A5AB-EC641A68D906"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:lemans_au_lgit:-:*:*:*:*:*:*:*","matchCriteriaId":"33323A49-9267-421B-96E1-80C5FA709EBC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:lemansau_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2DF0ED3F-C98B-458E-ADCC-C922402BB185"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:lemansau:-:*:*:*:*:*:*:*","matchCriteriaId":"102A4B5E-1739-4C31-A626-ABF6B02FEE29"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:netrani_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9C52A53B-1182-47F3-9800-D8C58F954277"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:netrani:-:*:*:*:*:*:*:*","matchCriteriaId":"BEC1F084-78C8-4413-940A-47E9554CB6D0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:pandeiro_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"23F8EF0C-BB48-47E1-A045-254D79388F75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:pandeiro:-:*:*:*:*:*:*:*","matchCriteriaId":"058950FC-ED72-4E91-AE13-87E738ADC083"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3723C7B1-A7E2-401F-8D6D-189350F6BCA5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*","matchCriteriaId":"B12B89EF-7B12-481E-BCBC-F12B9D16321A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F8673334-5E11-4E95-B33D-3029499F71DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*","matchCriteriaId":"EC0B32F6-5EF0-4591-99D7-D0E9B09DEC5A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qamsrv1m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CE03AB2A-3ED9-4489-8E5B-4FCF8BAA8559"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qamsrv1m:-:*:*:*:*:*:*:*","matchCriteriaId":"9E646738-6A87-4470-9640-6A5A1DF3AF78"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"643EC76D-2836-48E6-81DA-78C4883C33CA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*","matchCriteriaId":"477F6529-4CE1-44FC-B6EE-D24D44C71AE7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"288F637F-22F8-47CF-B67F-C798A730A1BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*","matchCriteriaId":"D0996EA3-1C92-4933-BE34-9CF625E59FE7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6678aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D001127D-8160-42F0-B8B9-2FAA2976B530"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6678aq:-:*:*:*:*:*:*:*","matchCriteriaId":"C9EB615F-FD4C-450B-AB25-E936FD9816C4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5FA1F8F4-EAF2-4704-A8A6-19AD3CA1B577"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*","matchCriteriaId":"B3F7853D-09EE-476F-B48D-BB30AEB4A67D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6698au_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3ACA09C0-84A5-493A-A9BD-EF95A8330D54"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6698au:-:*:*:*:*:*:*:*","matchCriteriaId":"3A2397BD-431C-4730-92E3-17A5C2445A65"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6797aq_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"797295C2-535C-46A9-A725-E1A5405F0436"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6797aq:-:*:*:*:*:*:*:*","matchCriteriaId":"8BFC575E-594E-4711-94B1-2DC8D03B9AC4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm4490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DA506489-4338-44DF-8F92-12E60AF0048C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm4490:-:*:*:*:*:*:*:*","matchCriteriaId":"A8718C37-A82A-4A08-A887-3F22B37601A9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4EC5F81B-AA24-4E3C-9FC8-53E010AC977E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*","matchCriteriaId":"B5C66DAD-0D85-46B8-92D7-6D68B9429E9A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ADD6D51E-5787-42A6-8A02-4EBBAFFF9C94"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*","matchCriteriaId":"99AA0291-B822-4CAD-BA17-81B632FC3FEF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm8838_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7C6535AE-8680-4AB9-ABF6-82DAE1795531"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm8838:-:*:*:*:*:*:*:*","matchCriteriaId":"9C3FEACB-1AE1-4BF2-9552-C31A32DCCA9B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcs4490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3336CDD7-9E7B-4FFB-A5CE-594B19B63A6C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcs4490:-:*:*:*:*:*:*:*","matchCriteriaId":"1197E229-1E27-4CA3-A386-B77FAE5DFE1A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FFF23DDB-98A0-4343-ADD3-5AB9C2383E7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*","matchCriteriaId":"5ACB8AFB-5B91-4AA1-BA3A-1AF0B3503080"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qln1083bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FD70F234-1EE7-4362-97F6-5AEDB7078D03"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qln1083bd:-:*:*:*:*:*:*:*","matchCriteriaId":"C569A848-B70C-42EF-B6D5-4A86547586EE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qln1086bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F218DF06-C40A-4738-ABB5-A3FA2243EF84"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qln1086bd:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2A0CD0-66FA-45D6-BBC7-03641203EC73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qpa1083bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B0208F7B-A959-485E-B004-A34CB7C7C4C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qpa1083bd:-:*:*:*:*:*:*:*","matchCriteriaId":"FBDAC812-4603-4D24-A861-23825E32D44E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qpa1086bd_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7F6DEF72-A8FF-4B67-AA6C-5CB4AA7B35E1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qpa1086bd:-:*:*:*:*:*:*:*","matchCriteriaId":"00EF6875-B088-40BD-A526-C962789CDC5A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DD4946C6-778F-4542-AB77-C9B86AF25C05"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"6F1D604A-4530-42B3-80A0-58A82D658DDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1093_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9A46B609-BD06-4BB7-B055-1F71C555E93D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1093:-:*:*:*:*:*:*:*","matchCriteriaId":"59598462-1E53-4F6D-BAB5-06ACEDF6CD9F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1094_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8F30D66E-2802-4394-BC39-5E04711234FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1094:-:*:*:*:*:*:*:*","matchCriteriaId":"078EC383-784F-4468-B94C-AE7CC9808419"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1095_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B7B67C93-0453-4696-8F3D-0AD664922C44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1095:-:*:*:*:*:*:*:*","matchCriteriaId":"D61C46AA-9130-46A8-BD04-8B4235118B81"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm1096_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2D5E44-48F6-41E8-A38B-A2E070E16AA9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm1096:-:*:*:*:*:*:*:*","matchCriteriaId":"9BD0372F-5140-4966-9A27-6B5A606C0665"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa7255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2B651F0A-34DA-400F-A376-B499BFDF8E86"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa7255p:-:*:*:*:*:*:*:*","matchCriteriaId":"4CFF093D-98C8-470F-8330-E5126E06343A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa7775p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6C32CA38-5D48-4108-9858-FD66E20CAF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa7775p:-:*:*:*:*:*:*:*","matchCriteriaId":"E1997F8B-17B8-4DE3-BCF7-726928720592"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EC6E268D-C4AF-4950-9223-39EA36D538A8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*","matchCriteriaId":"073C1A81-D02B-4F2F-9378-CD1B2DCE0E5B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8620p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6ACE6D64-A498-482F-8270-718F4884CFFD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8620p:-:*:*:*:*:*:*:*","matchCriteriaId":"B6E016D6-1B83-4261-A27E-1F9873F81E14"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"781CCC31-C08F-499B-BE73-6C7DB70437AF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*","matchCriteriaId":"75AFAA21-0589-4C6A-9418-34EE8A61BBAD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A024AB04-B213-4018-A4C1-FA467C7BA775"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*","matchCriteriaId":"A2A8AB7C-5D34-4794-8C06-2193075B323F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sar2130p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95696696-D2AE-4358-AF5D-3ED14F969964"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sar2130p:-:*:*:*:*:*:*:*","matchCriteriaId":"1A6FC469-463F-4EC1-B4EF-010BDB9BAA05"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"14E3FE58-7F1C-4F5C-B62D-0CF124E14AB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB0BBA-3F81-4FCA-B3DE-190C46DA50DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"76910884-45D9-4EA2-BA30-44A8C7CC1339"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd_8_gen1_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"33D393A6-4586-4416-86EB-F9D86DC3DED8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"72433485-B229-46A6-BCA4-394AA4EEA683"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*","matchCriteriaId":"04D40EC4-BF31-4BFD-8D0A-8193F541AF02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sdr753_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A49B142B-E8DC-4A79-B969-2C2FBE2E009A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sdr753:-:*:*:*:*:*:*:*","matchCriteriaId":"8A1A6C7D-EAB0-4D8D-9A3E-DA066F4ACF7D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sm7435_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F7A95A9E-617A-4D3A-9A4E-0C0A29B3C8B5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sm7435:-:*:*:*:*:*:*:*","matchCriteriaId":"3559292E-B5A6-4F88-BC20-F6AA85F07C97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_4_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"55AECCCF-0761-46B6-B669-E73096679AFB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_4_gen_2_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"7DE87CA2-160A-43BF-AC18-DA788501B5B4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"390D7CAF-6C0B-4438-AA7D-AEEE127F4D3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_460_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"5BB1FC5E-CF6F-4E54-B78D-C01AFD034903"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_6_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EBB3BC1B-2EBC-457C-AE91-6BD408EB7D5F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_6_gen_1_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"0870CC30-07F8-4FFF-85B4-FBACE947CC14"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_6_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D69E4203-EA20-4D6F-BD1C-C8E550588F87"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_6_gen_3_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"C1225010-5A08-4D13-A3E2-4C57C4265605"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"37DF4D73-3ACC-41B3-8CA4-20DAECE6BFB7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"FE08D23A-2D0D-4472-8847-27B955F55165"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_7_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"677D5A3F-2A0D-48F0-A1C5-B067BADFD11A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_7_gen_1_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"CB79B015-A401-4FAD-8818-1475653C2B12"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_elite_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3EA50192-07B0-4404-93D4-EC4F3B1918B7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_elite:-:*:*:*:*:*:*:*","matchCriteriaId":"26C7FC48-08CB-4E50-B8D3-8AF30549FDF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EB8FA32F-4690-4C5B-8968-474DA32FD0A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_8_gen_1_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"59BD8BEA-725A-4158-84BE-4AFD476ED03D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"53E5BBDA-C07D-42E2-9A34-EC1F6454CAA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"0BB2408F-C768-4DD2-B834-B62E188D6CC2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A129620-8241-4A47-AAC8-CC7E10A09C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"4CEDD78E-124C-4216-9B57-3B7B53463659"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_xr2\\+_gen_1_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BF9740EB-F82E-42EA-993E-A393B05CC6BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_xr2\\+_gen_1_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"022A5532-03F7-4FB8-BA0D-4221178C9486"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0CD199F5-DA68-4BEB-AA99-11572DA26B4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*","matchCriteriaId":"8ACA2D4D-FC77-4C1A-8278-1C27B3EA3303"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:srv1m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4B29E7F-8BFE-466A-B357-63F8A2160C4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:srv1m:-:*:*:*:*:*:*:*","matchCriteriaId":"6D55CC7D-2E65-4CA9-9892-B6FBCC087E6F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CD6444F6-A477-4B4C-8A09-C22C47CCE45B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*","matchCriteriaId":"F3E20681-4FC4-46E2-AF77-BCF03BC8E77E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2330p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"568C5B08-AC42-48D3-8029-A65689EEBE75"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2330p:-:*:*:*:*:*:*:*","matchCriteriaId":"56DD2B49-0A36-443C-BECB-4115E271A415"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sxr2350p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AA54D269-A94D-47CB-B3F1-7B163E453A67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sxr2350p:-:*:*:*:*:*:*:*","matchCriteriaId":"F1D79422-1EA3-459A-8C4A-8A0FBE386036"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1295D869-F4DD-4766-B4AA-3513752F43B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*","matchCriteriaId":"B98784DC-3143-4D38-AD28-DBBDCCAB4272"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34143ABA-7D09-429F-A65C-3A33438BF62C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*","matchCriteriaId":"9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3FEF2DB6-00F5-4B07-953B-EF58B31267F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*","matchCriteriaId":"120E8F0F-EBEB-4565-9927-2D473F783EF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4BFB25F-013B-48E3-99FF-3E8687F94423"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*","matchCriteriaId":"BF676C5B-838B-446C-A689-6A25AB8A87E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6755_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2BC386D9-3D2B-40FA-A2D9-199BB138F46A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6755:-:*:*:*:*:*:*:*","matchCriteriaId":"133FFD9F-FA09-4801-939B-AD1D507BE5FE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2EB8794F-7998-424E-AF68-E4A4F9310F65"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*","matchCriteriaId":"799D69CE-3FCC-4B19-8B00-9AF38111D983"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"57608D47-894C-4895-B4B3-4733D55D57DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*","matchCriteriaId":"2FFD2C38-1A61-4BED-ABFA-DAE0C4B78620"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D765C392-5F38-4E6A-9E88-59629E7A6911"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE8F4F9-F692-4EC0-A3FE-2CDD681DCBFD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"15307882-7039-43E9-9BA3-035045988B99"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*","matchCriteriaId":"AA85B322-E593-4499-829A-CC6D70BAE884"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*","matchCriteriaId":"7E870D82-DE3B-4199-A730-C8FB545BAA98"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"11B69595-E488-4590-A150-CE5BE08B5E13"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*","matchCriteriaId":"BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7ACAD26E-B79E-4659-91A5-D301281F7D36"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*","matchCriteriaId":"F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F80BC68E-7476-4A40-9F48-53722FE9A5BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*","matchCriteriaId":"6B36F4B2-BAA3-45AD-9967-0EB482C99708"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA33DE15-C177-43B3-AD50-FF797753D12E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*","matchCriteriaId":"AE1A5841-5BCB-4033-ACB9-23F3FCA65309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5B47BF35-3AA0-4667-842E-19B0FE30BF3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*","matchCriteriaId":"8A071672-9405-4418-9141-35CEADBB65AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BB7CF473-8B25-4851-91F2-1BD693CCDC85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*","matchCriteriaId":"91E591F2-8F72-4A5A-9264-2742EB2DABDA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xrv7209_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CC6C6243-E092-4903-BC20-E3B0CECBC790"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xrv7209:-:*:*:*:*:*:*:*","matchCriteriaId":"AAA33761-D61C-4A81-B233-5E2D50F3596F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xrv9209_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3D693483-72F9-42B1-8EDA-8DABD537F428"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xrv9209:-:*:*:*:*:*:*:*","matchCriteriaId":"43F4A7D9-055D-475B-BFE4-61A86C7397F8"}]}]}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html","source":"product-security@qualcomm.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-25268","sourceIdentifier":"product-security@qualcomm.com","published":"2026-07-06T21:16:54.730","lastModified":"2026-07-07T16:37:11.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations."}],"affected":[{"source":"product-security@qualcomm.com","affectedData":[{"vendor":"Qualcomm, Inc.","product":"Snapdragon","defaultStatus":"unaffected","platforms":["Snapdragon Auto","Snapdragon Compute","Snapdragon Consumer IOT","Snapdragon Industrial IOT","Snapdragon Mobile","Snapdragon WBC","Snapdragon Wired Infrastructure and Networking"],"versions":[{"version":"5G Fixed Wireless Access Platform","status":"affected"},{"version":"AR8035","status":"affected"},{"version":"CQ7790","status":"affected"},{"version":"CQ8725S","status":"affected"},{"version":"CSR8811","status":"affected"},{"version":"FastConnect 6700","status":"affected"},{"version":"FastConnect 6900","status":"affected"},{"version":"FastConnect 7800","status":"affected"},{"version":"FWA Gen 3 Ultra Platform","status":"affected"},{"version":"FWA Gen 5 Elite Platform","status":"affected"},{"version":"Immersive Home 214 Platform","status":"affected"},{"version":"Immersive Home 216 Platform","status":"affected"},{"version":"Immersive Home 316 Platform","status":"affected"},{"version":"Immersive Home 318 Platform","status":"affected"},{"version":"Immersive Home 3210 Platform","status":"affected"},{"version":"Immersive Home 326 Platform","status":"affected"},{"version":"IPQ5010","status":"affected"},{"version":"IPQ5028","status":"affected"},{"version":"IPQ5300","status":"affected"},{"version":"IPQ5302","status":"affected"},{"version":"IPQ5312","status":"affected"},{"version":"IPQ5332","status":"affected"},{"version":"IPQ6000","status":"affected"},{"version":"IPQ6010","status":"affected"},{"version":"IPQ6018","status":"affected"},{"version":"IPQ8076","status":"affected"},{"version":"IPQ8078","status":"affected"},{"version":"IPQ9008","status":"affected"},{"version":"IPQ9048","status":"affected"},{"version":"IPQ9554","status":"affected"},{"version":"IPQ9570","status":"affected"},{"version":"IPQ9574","status":"affected"},{"version":"Kobuk","status":"affected"},{"version":"Marina","status":"affected"},{"version":"Networking Pro 1200 Platform","status":"affected"},{"version":"Networking Pro 1210 Platform","status":"affected"},{"version":"Networking Pro 1610 Platform","status":"affected"},{"version":"Networking Pro 400 Platform","status":"affected"},{"version":"Networking Pro 600 Platform","status":"affected"},{"version":"Networking Pro 610 Platform","status":"affected"},{"version":"Networking Pro 800 Platform","status":"affected"},{"version":"Networking Pro 810 Platform","status":"affected"},{"version":"Orne","status":"affected"},{"version":"QCA0000","status":"affected"},{"version":"QCA4024","status":"affected"},{"version":"QCA6174A","status":"affected"},{"version":"QCA8075","status":"affected"},{"version":"QCA8080","status":"affected"},{"version":"QCA8081","status":"affected"},{"version":"QCA8082","status":"affected"},{"version":"QCA8084","status":"affected"},{"version":"QCA8085","status":"affected"},{"version":"QCA8101","status":"affected"},{"version":"QCA8102","status":"affected"},{"version":"QCA8111","status":"affected"},{"version":"QCA8112","status":"affected"},{"version":"QCA8337","status":"affected"},{"version":"QCA8384","status":"affected"},{"version":"QCA8385","status":"affected"},{"version":"QCA8386","status":"affected"},{"version":"QCA9888","status":"affected"},{"version":"QCA9889","status":"affected"},{"version":"QCC710","status":"affected"},{"version":"QCF8000","status":"affected"},{"version":"QCF8001","status":"affected"},{"version":"QCM5430","status":"affected"},{"version":"QCM6490","status":"affected"},{"version":"QCN5022","status":"affected"},{"version":"QCN5024","status":"affected"},{"version":"QCN5052","status":"affected"},{"version":"QCN5122","status":"affected"},{"version":"QCN5124","status":"affected"},{"version":"QCN5152","status":"affected"},{"version":"QCN5154","status":"affected"},{"version":"QCN5164","status":"affected"},{"version":"QCN5224","status":"affected"},{"version":"QCN6023","status":"affected"},{"version":"QCN6024","status":"affected"},{"version":"QCN6112","status":"affected"},{"version":"QCN6122","status":"affected"},{"version":"QCN6132","status":"affected"},{"version":"QCN6224","status":"affected"},{"version":"QCN6274","status":"affected"},{"version":"QCN6402","status":"affected"},{"version":"QCN6412","status":"affected"},{"version":"QCN6422","status":"affected"},{"version":"QCN6432","status":"affected"},{"version":"QCN9000","status":"affected"},{"version":"QCN9012","status":"affected"},{"version":"QCN9013","status":"affected"},{"version":"QCN9022","status":"affected"},{"version":"QCN9024","status":"affected"},{"version":"QCN9070","status":"affected"},{"version":"QCN9100","status":"affected"},{"version":"QCN9160","status":"affected"},{"version":"QCN9274","status":"affected"},{"version":"QFW7114","status":"affected"},{"version":"QFW7124","status":"affected"},{"version":"QFW7224","status":"affected"},{"version":"QMX82L","status":"affected"},{"version":"QMX85L","status":"affected"},{"version":"Qualcomm Video Collaboration VC3 Platform","status":"affected"},{"version":"QXM8083","status":"affected"},{"version":"SAR2130P","status":"affected"},{"version":"SDX61","status":"affected"},{"version":"SDX65M","status":"affected"},{"version":"SDX81","status":"affected"},{"version":"Snapdragon 460 Mobile Platform","status":"affected"},{"version":"Snapdragon 662 Mobile Platform","status":"affected"},{"version":"Snapdragon Auto 5G Modem-RF","status":"affected"},{"version":"Snapdragon X62 5G Modem-RF System","status":"affected"},{"version":"Snapdragon X65 5G Modem-RF System","status":"affected"},{"version":"Snapdragon X72 5G Modem-RF System","status":"affected"},{"version":"Snapdragon X75 5G Modem-RF System","status":"affected"},{"version":"SW-only","status":"affected"},{"version":"WCD9340","status":"affected"},{"version":"WCD9370","status":"affected"},{"version":"WCD9375","status":"affected"},{"version":"WCD9380","status":"affected"},{"version":"WCD9385","status":"affected"},{"version":"WCN3950","status":"affected"},{"version":"WCN3988","status":"affected"},{"version":"WCN6755","status":"affected"},{"version":"WCN7861","status":"affected"},{"version":"WCN7881","status":"affected"},{"version":"WSA8830","status":"affected"},{"version":"WSA8832","status":"affected"},{"version":"WSA8835","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-25268","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@qualcomm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F80BC68E-7476-4A40-9F48-53722FE9A5BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*","matchCriteriaId":"6B36F4B2-BAA3-45AD-9967-0EB482C99708"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:5g_fixed_wireless_access_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C9D9ABF8-3D6C-415B-B6F9-9A430D08E335"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:5g_fixed_wireless_access_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"CF1134A5-796D-476B-A0E6-4BDD7A96A109"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C88B9C86-2E8E-4DCE-A30C-02977CC00F00"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ar8035:-:*:*:*:*:*:*:*","matchCriteriaId":"EE473A5A-5CFC-4F08-A173-30717F8BD0D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:cq7790_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D9FEBA60-92CC-4660-B410-74A9D0AEB7B9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:cq7790:-:*:*:*:*:*:*:*","matchCriteriaId":"25B3F423-6AF3-472A-A178-21776C708A88"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:cq8725s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C6143A36-BA18-432C-A6BB-2F33B1509C44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:cq8725s:-:*:*:*:*:*:*:*","matchCriteriaId":"09EE5F30-46A6-423B-94AF-E7F4DAB532CB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C359D1E7-6E0A-41B5-ABE5-B55598960700"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca4024:-:*:*:*:*:*:*:*","matchCriteriaId":"B4DC3CE7-0C4A-458B-A42E-8F80C062DD5F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4FF653D0-15CF-4A10-8D8E-BE56F4DAB890"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*","matchCriteriaId":"C31FA74C-6659-4457-BC32-257624F43C66"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8075_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CC8A5A87-7D62-4EB7-962A-0F160DE3E889"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8075:-:*:*:*:*:*:*:*","matchCriteriaId":"7B68D126-7F49-4FFA-8AF8-78120973D78E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8080_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FC553591-A429-48B6-B378-CDF0A2173EA2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8080:-:*:*:*:*:*:*:*","matchCriteriaId":"3A0E183F-C9E7-4B6A-8470-44BA77DA4E2E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1D1C53DC-D2F3-4C92-9725-9A85340AF026"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*","matchCriteriaId":"ED0585FF-E390-46E8-8701-70964A4057BB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8082_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EB1F2E8B-1ED2-473D-AFD8-F2590F6BD414"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8082:-:*:*:*:*:*:*:*","matchCriteriaId":"FBDA9657-7D30-41FD-8112-F53E6C69D53A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8084_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1B9045A8-BA53-43C4-B24D-5EF320DE7A4A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8084:-:*:*:*:*:*:*:*","matchCriteriaId":"3D6E8939-AFA3-41AC-B811-BCC282A43106"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8085_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B87335A8-DC52-478E-B19F-0C4CC63132EA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8085:-:*:*:*:*:*:*:*","matchCriteriaId":"99C34523-FE2A-4DDC-9A8A-D9072F3D0FD3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8101_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A7F8D18-C53F-4C0E-AC2E-4FE6B7F9D4D0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8101:-:*:*:*:*:*:*:*","matchCriteriaId":"6C2EE327-06BA-41AF-807B-A16875CE5BD5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8102_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BDB37850-3613-4F72-B559-3BD8CA59A1A1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8102:-:*:*:*:*:*:*:*","matchCriteriaId":"F482A96D-3BB1-4FFC-8F26-0E6E9AA4F4D4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8111_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"15A9FAB1-9A90-4CE4-A00F-04703659BB4A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8111:-:*:*:*:*:*:*:*","matchCriteriaId":"09ADD6B3-8876-469A-83D1-0DF12756D6EE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8112_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8C25D65C-0F25-49EE-8CD6-16472D081509"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8112:-:*:*:*:*:*:*:*","matchCriteriaId":"7275DCA9-8429-4C1E-9911-298743E67326"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2FA8F9DA-1386-4961-B9B2-484E4347852A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8337:-:*:*:*:*:*:*:*","matchCriteriaId":"117289C8-7484-4EAE-8F35-A25768F00EED"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8384_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CFE75D55-09F1-4980-AEE7-E4BF80DE8C9B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8384:-:*:*:*:*:*:*:*","matchCriteriaId":"B62AF79F-88EA-421C-89AE-4F3A8DA563D8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"840E8FE5-5496-4C36-A6DD-5A1AA42FD039"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8385:-:*:*:*:*:*:*:*","matchCriteriaId":"1C60AC74-A676-4BA9-8709-B834241B0D78"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca8386_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"08E9E6CB-2216-4AF2-81C2-D482598298BE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca8386:-:*:*:*:*:*:*:*","matchCriteriaId":"4774FAA6-6141-4B08-819C-58D4D9A2B69F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca9888_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EF227702-EEFC-43CC-AC80-81EA6E4927E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca9888:-:*:*:*:*:*:*:*","matchCriteriaId":"AE5DFEA5-EA29-40B6-83DB-883B276E8245"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca9889_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"728CCD27-ED06-49FD-AECD-9B0856813EDF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca9889:-:*:*:*:*:*:*:*","matchCriteriaId":"1D181868-AE93-4116-B45F-81D94F537227"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcc710_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2A75D017-032F-4369-917C-567EE2A809F2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcc710:-:*:*:*:*:*:*:*","matchCriteriaId":"107F0423-608C-404D-B58B-616A6494418F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcf8000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9A05AC12-9E7A-4837-A447-1718396011FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcf8000:-:*:*:*:*:*:*:*","matchCriteriaId":"8E3FF297-D849-45AE-AAB8-DDEA64A23FF3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcf8001_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"287199B4-9CBB-4290-BDB3-ABBB41794259"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcf8001:-:*:*:*:*:*:*:*","matchCriteriaId":"142DC510-DD92-4174-8B37-4D239573661E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4EC5F81B-AA24-4E3C-9FC8-53E010AC977E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*","matchCriteriaId":"B5C66DAD-0D85-46B8-92D7-6D68B9429E9A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ADD6D51E-5787-42A6-8A02-4EBBAFFF9C94"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*","matchCriteriaId":"99AA0291-B822-4CAD-BA17-81B632FC3FEF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn5022_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"478B79F0-D257-41B2-965B-3E251A584D45"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn5022:-:*:*:*:*:*:*:*","matchCriteriaId":"8B6D2C9D-1BF9-4D78-90FB-B7633DD87E67"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn5024_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"63965F19-033E-4755-B9CA-EF409EC339A3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn5024:-:*:*:*:*:*:*:*","matchCriteriaId":"CCA0E68F-6D5F-4C20-AABC-26CA6867D3D6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn5052_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"85740DB4-3B08-48A4-ACAF-7BBB2612009A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn5052:-:*:*:*:*:*:*:*","matchCriteriaId":"8A0BD404-5EBA-4988-91B6-ECE8FCF4F041"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn5122_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"290BFC8A-0D76-4BCD-B059-2DAFD368A10C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn5122:-:*:*:*:*:*:*:*","matchCriteriaId":"936A308A-92B9-468C-9BC6-8FD71C7C2315"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn5124_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2A9F76FF-96D3-4BCE-918D-B3B0ADA3E8E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn5124:-:*:*:*:*:*:*:*","matchCriteriaId":"2908A543-EFE4-477D-9CF3-76534B2E6CF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn5152_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0EAE1EBF-AD14-4C07-99B5-2547A5196B20"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn5152:-:*:*:*:*:*:*:*","matchCriteriaId":"D4829FF9-C0BA-4E40-A01A-3EF179462029"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn5154_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0ED3ED74-C2D0-4A84-A2F8-392818E5CD20"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn5154:-:*:*:*:*:*:*:*","matchCriteriaId":"4F1CA219-959D-481A-8622-69F1825832FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn5164_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5F6EAD64-D133-42C4-92ED-90C49938C0F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn5164:-:*:*:*:*:*:*:*","matchCriteriaId":"93E7ED58-C5A7-4F78-8233-750780CCAB16"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn5224_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9242D662-65B5-4EE4-85F7-AB4864962A9E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn5224:-:*:*:*:*:*:*:*","matchCriteriaId":"F15FC87F-8E22-433E-A1EB-46982FFCD033"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6023_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"63FF89C5-3BBF-4A13-8A3B-F490C2FA1A95"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6023:-:*:*:*:*:*:*:*","matchCriteriaId":"6784EC5F-2C26-49C5-9A03-6FD2056C04EF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A49DBE04-E2EA-4DA1-B774-A878A71524AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6024:-:*:*:*:*:*:*:*","matchCriteriaId":"69E98386-3BB2-4E8C-AD00-E05123608439"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6112_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6300827E-F6F0-490B-8043-38DD415E3161"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6112:-:*:*:*:*:*:*:*","matchCriteriaId":"58F6B4C5-2C26-4A13-BA10-5B70805AD8B6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6122_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A988BD3-71D8-4F2B-9EC2-8E385B114114"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6122:-:*:*:*:*:*:*:*","matchCriteriaId":"1E7049A3-9F35-465F-9B2E-96788E54EC63"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6132_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A59FBBDC-0495-422C-B25A-FFDF94D33C34"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6132:-:*:*:*:*:*:*:*","matchCriteriaId":"F6E55C06-45EE-4144-8CBC-4D41DDE4D899"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6224_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5F4362D2-30A3-4388-ABB6-293878AD7036"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6224:-:*:*:*:*:*:*:*","matchCriteriaId":"BB6AE9A7-386A-473B-9BD5-DA37B1E696C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6274_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"88376C1D-AC4D-4EB0-AF6A-274D020F5859"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6274:-:*:*:*:*:*:*:*","matchCriteriaId":"E15BA4B4-C97F-45C0-A4AD-7E46387F19A6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6402_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0C46FCBE-C6AC-4715-8E16-6B070A222452"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6402:-:*:*:*:*:*:*:*","matchCriteriaId":"2A27FD2C-695B-4A5E-9715-5683E868809E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:csr8811_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D4CAA848-413D-4C63-823B-BFCE95C7740C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:csr8811:-:*:*:*:*:*:*:*","matchCriteriaId":"1AA32CC0-DE30-4B15-8EC6-1FAF14C5C4E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"82B82E87-F3F4-466F-A76B-C8809121FF6F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*","matchCriteriaId":"419A132E-E42C-4395-B74B-788A39DF1D13"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fwa_gen_3_ultra_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AEB6D1A6-2CB2-4425-A5A0-EE9A9434C08C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fwa_gen_3_ultra:-:*:*:*:*:*:*:*","matchCriteriaId":"02675702-6F51-4AF0-A62B-3A1658E45094"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fwa_gen_5_elite_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"04CD5DD2-E4CA-437A-8F33-2F7DA09B685C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fwa_gen_5_elite:-:*:*:*:*:*:*:*","matchCriteriaId":"1821A2C8-671A-4D41-9470-1F2DBB967FE3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:immersive_home_214_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4C241123-63B1-4CA2-A3CB-BADA86EAAA2E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:immersive_home_214_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"66E4B95D-966A-4940-A403-9E8241F121C2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:immersive_home_216_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"68309F58-91D9-407E-9578-17EAF6836E07"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:immersive_home_216_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"A0D491A9-6A1F-4B62-9A30-5A9F592BD5B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:immersive_home_316_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AA6CA3E5-7A0F-4705-985E-0C25DE609494"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:immersive_home_316_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"8DC770BF-4B23-4F43-A0B9-E5FE41536F5E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:immersive_home_318_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"84B4531C-9D90-4A9B-8724-1428372319C8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:immersive_home_318_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"497EC79B-0879-4FA2-A5B7-63EA54FC20A5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:immersive_home_3210_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B1AA3313-749F-486B-8212-33E569377C2B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:immersive_home_3210_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"B6F6D44F-BD86-44B9-BE5D-471D33F0438D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:immersive_home_326_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7BB0662A-2D27-4AE7-8370-0B567B9A8214"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:immersive_home_326_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"67970B89-2F06-4E4A-88CA-9D37C060C1BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq5010_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8543C671-054B-489F-ACFE-B7D7BEC1DEE6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq5010:-:*:*:*:*:*:*:*","matchCriteriaId":"15C5F8CB-3291-4E13-94F0-680FC85A9669"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq5028_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5AE3085F-59BE-46A0-9A96-65CFAB7DFEAE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq5028:-:*:*:*:*:*:*:*","matchCriteriaId":"825524E0-BB01-4CAD-9F65-95E096467D28"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq5300_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"19FE4D11-3A23-4652-B86E-ED996426DD61"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq5300:-:*:*:*:*:*:*:*","matchCriteriaId":"C2637D57-1226-4091-BF08-39680615176F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq5302_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3EB5FF59-057F-42D9-8829-EF0AD2CBB6DD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq5302:-:*:*:*:*:*:*:*","matchCriteriaId":"AE256F7A-9696-44D0-B8C9-C60A7B61FC91"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq5312_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"01F79573-A728-4052-92A6-5ADE4E7A4B23"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq5312:-:*:*:*:*:*:*:*","matchCriteriaId":"1AA3AFC1-C1A8-46F4-9AE9-053AB9E56B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq5332_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A795F64D-6DE9-4D56-AA22-D77470B9E5AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq5332:-:*:*:*:*:*:*:*","matchCriteriaId":"32521715-D9BF-4A86-BE4B-D9BB29C133F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq6000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AA7A5C46-48BF-42A9-A477-A660C6D7B437"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq6000:-:*:*:*:*:*:*:*","matchCriteriaId":"EDB79382-19D6-4A67-9013-7099A9C58829"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq6010_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A5CF970F-17AE-4C59-89A5-5B41A41E1DE0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq6010:-:*:*:*:*:*:*:*","matchCriteriaId":"71C54A70-AAA8-4B5E-AC1B-471A5C7E79B0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B04589FF-F299-4EF6-A57B-1AD145372DBB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq6018:-:*:*:*:*:*:*:*","matchCriteriaId":"FDC1ADAD-DA77-47EF-8DB9-C36961C560C2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq8076_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"966392A8-DD8E-4AA1-B407-5BF2D937139E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq8076:-:*:*:*:*:*:*:*","matchCriteriaId":"A211C022-8EDF-4B76-89D6-599812900446"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq8078_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A24951FD-C4AB-4988-A1DD-019412430AC6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq8078:-:*:*:*:*:*:*:*","matchCriteriaId":"EFEC5D65-C1E3-40ED-9FE3-8DF888CA2654"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq9008_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"78A6F4F3-0CE3-4A02-B615-63E76C93ADC4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq9008:-:*:*:*:*:*:*:*","matchCriteriaId":"31D07608-80F7-44AA-BE91-1F97FC1CE313"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq9048_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C736654C-1E52-4CE7-8B11-0F0028BF8568"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq9048:-:*:*:*:*:*:*:*","matchCriteriaId":"0EED451A-FD6F-4190-9BAE-39BD4030A11A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq9554_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1C656780-05E9-40D5-936B-B73ECE9E0330"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq9554:-:*:*:*:*:*:*:*","matchCriteriaId":"CD2DF80E-E546-473B-AE26-594CFB8A87A8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq9570_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1A6182C0-AAE7-45A9-8ECB-F198B55181AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq9570:-:*:*:*:*:*:*:*","matchCriteriaId":"61FC3830-8AAF-4836-89C3-2C6355CC0272"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:ipq9574_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"0327D8C9-DD6B-4831-BBD4-2EE57A351493"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:ipq9574:-:*:*:*:*:*:*:*","matchCriteriaId":"0C866E83-23ED-495C-AA5A-0B01973674BF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:kobuk_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"91D75BEA-6B49-4F12-98DF-50DB4244D26F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:kobuk:-:*:*:*:*:*:*:*","matchCriteriaId":"BA886E96-9ED5-412F-BCD6-60EC3DB04E60"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:marina_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3713FF4B-1938-4370-A5DB-F6385B1FEC69"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:marina:-:*:*:*:*:*:*:*","matchCriteriaId":"7F6E1693-366B-4BAE-AA84-AC08CE2442FA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:networking_pro_1200_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"485C6AE2-3D61-4559-B45C-F0DE22D6DBEC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:networking_pro_1200_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"6A7FAF9B-0251-497E-AC7A-5748E3F179EC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:networking_pro_1210_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E79D7D01-77D2-4E83-8BF7-864743F12929"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:networking_pro_1210_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"7A005215-1BD5-4BD8-B1FA-EBED4EEFE7A8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:networking_pro_1610_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3CB3B148-7285-4476-BCB2-A0306E0AC538"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:networking_pro_1610_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"1C42518F-CD3C-4C40-A4B1-E39BA620E251"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:networking_pro_400_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4CCBA9FD-BBC2-4A43-AA54-A82D1CA34141"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:networking_pro_400_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"ED746FDC-A620-4BE4-A560-624A63D1FE26"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:networking_pro_600_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2A3DAC65-65BB-4DD6-B81F-C066CB021322"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:networking_pro_600_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"46D9A2F4-AEC5-4A5B-A078-957264E4F493"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:networking_pro_610_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B5B43A8D-9710-41A3-A71B-4BCFA647F4B3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:networking_pro_610_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"CB6E5A4F-F33A-4C6A-845C-F8716FFEEE9E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:networking_pro_800_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2E2159BD-4C54-4B92-A6B0-03ECE54ED98B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:networking_pro_800_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"7B3D3D4C-6785-4E1E-B13F-92E7AC186B27"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:networking_pro_810_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"663F6FAD-9515-493E-BFC6-5694C397941A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:networking_pro_810_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"54C1A881-341D-41A4-8E0C-388CB3763C2A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:orne_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"19FB8345-BBFC-4E18-A4E6-64A159D7F65B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:orne:-:*:*:*:*:*:*:*","matchCriteriaId":"FFDA4056-3F1B-4F3A-BE59-1908BD3DE5E9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca0000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CC941093-1A7C-47B2-AB3B-05AE4AE2FBE4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca0000:-:*:*:*:*:*:*:*","matchCriteriaId":"7A2AA834-C17C-4E0E-A510-795818041E47"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6412_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A1F6CC23-583C-4A6C-BB56-EE68CA4803DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6412:-:*:*:*:*:*:*:*","matchCriteriaId":"36CFB570-A437-4158-A306-1237BE6AD7FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6422_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"48BBE3D5-9B42-444C-9119-DB282FAE98FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6422:-:*:*:*:*:*:*:*","matchCriteriaId":"E09A34F0-5BC6-436C-AEB8-99873439742D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn6432_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3B079570-EBBE-40B6-8C08-343CDA74DB04"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn6432:-:*:*:*:*:*:*:*","matchCriteriaId":"613879FB-77E8-4339-ABC1-8EABAC78EBB0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn9000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5BCCFF8B-4857-439D-BD4A-EB35672F474B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn9000:-:*:*:*:*:*:*:*","matchCriteriaId":"86896D55-89F5-440B-9082-916E486B65D9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"61F34DD2-9DC0-49E5-BC85-1543EA199477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn9012:-:*:*:*:*:*:*:*","matchCriteriaId":"1A06879F-6FE9-448A-8186-8347D76F872B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn9013_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D1EC8266-96C3-44F2-B9FA-5A5E0815565B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn9013:-:*:*:*:*:*:*:*","matchCriteriaId":"2F4612E3-E1C9-4225-A5E9-C854BF3FA28D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn9022_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"36A10EB2-E7A2-461F-836E-FC38B9428C98"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn9022:-:*:*:*:*:*:*:*","matchCriteriaId":"A457C1D6-A026-4B5F-9CB1-FA795785A515"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A64CDA49-19BF-413F-A0E0-2B9729E45E25"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn9024:-:*:*:*:*:*:*:*","matchCriteriaId":"345CCD64-C09E-407D-AAA2-311C4CCFE24F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn9070_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2C10CAAC-FD93-4116-9F0C-E983B3693FAF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn9070:-:*:*:*:*:*:*:*","matchCriteriaId":"9FEC2402-BA39-49BB-A34C-FF32ED44A158"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn9100_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B31EEE9E-CDEC-4E88-B950-3413205E483E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn9100:-:*:*:*:*:*:*:*","matchCriteriaId":"3E1E341A-7DDD-47E5-BB5F-0666482B41C0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn9160_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2B0687D7-DD06-430F-8CD2-968D766E3491"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn9160:-:*:*:*:*:*:*:*","matchCriteriaId":"3013D4AE-57DB-4601-BA66-86FF067BAEB1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qcn9274_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9129A244-AB8C-4AA4-BFBB-37F84D66BD3E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qcn9274:-:*:*:*:*:*:*:*","matchCriteriaId":"41F243A1-3C0B-4780-95BF-69A4E1A91F18"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qfw7114_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7456782E-B6CE-42ED-A51E-39907120E28B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qfw7114:-:*:*:*:*:*:*:*","matchCriteriaId":"637BF4DF-BB40-479F-B696-6AD9D4B35D64"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qfw7124_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D72C4CE0-AB59-4652-854F-94C9998F2712"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qfw7124:-:*:*:*:*:*:*:*","matchCriteriaId":"98720774-11B8-4B4B-BC73-D4DA84E07F78"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qfw7224_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EF48F2E5-5500-411B-9000-3AE3734B5B9A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qfw7224:-:*:*:*:*:*:*:*","matchCriteriaId":"13D8247B-BFB3-4ED9-8982-5E653CAD7A65"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qmx82l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4AB9E3D9-5E23-43A6-818E-A919AEB05ADC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qmx82l:-:*:*:*:*:*:*:*","matchCriteriaId":"D07B2A4C-3CFC-4F8B-A38A-C75C13F3F46F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qmx85l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E75672CA-A1DC-437B-8DAE-279A1BFEEF20"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qmx85l:-:*:*:*:*:*:*:*","matchCriteriaId":"685536A8-AF25-409E-B501-B2AC05D22A75"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"DD4946C6-778F-4542-AB77-C9B86AF25C05"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"6F1D604A-4530-42B3-80A0-58A82D658DDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qxm8083_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5308653F-A89A-4FA8-BAB0-72300E4A6346"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qxm8083:-:*:*:*:*:*:*:*","matchCriteriaId":"CEF36CC6-3623-4E87-B40B-D9785CA35EB7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sar2130p_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95696696-D2AE-4358-AF5D-3ED14F969964"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sar2130p:-:*:*:*:*:*:*:*","matchCriteriaId":"1A6FC469-463F-4EC1-B4EF-010BDB9BAA05"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sdx61_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3125FCBA-94BA-415A-A005-CDC5B2CDBE39"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sdx61:-:*:*:*:*:*:*:*","matchCriteriaId":"BCB09831-632C-4043-B7BE-C02ADA70AACA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sdx65m_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"08C59BD9-8629-467F-9C1C-F2232C821DDB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sdx65m:-:*:*:*:*:*:*:*","matchCriteriaId":"7E7510FC-E89C-4EE4-84AE-8002E48937D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sdx81_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"71088DA4-A018-4D69-8D26-CD52639DB015"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sdx81:-:*:*:*:*:*:*:*","matchCriteriaId":"79806BCE-5AE0-4840-AE0F-DED768FCB6AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"390D7CAF-6C0B-4438-AA7D-AEEE127F4D3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_460_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"5BB1FC5E-CF6F-4E54-B78D-C01AFD034903"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"37DF4D73-3ACC-41B3-8CA4-20DAECE6BFB7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"FE08D23A-2D0D-4472-8847-27B955F55165"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"88AF39A5-F44E-4B14-AA6E-4F80D9EEB017"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf:-:*:*:*:*:*:*:*","matchCriteriaId":"2A25FE8F-555A-4D85-8A94-A808B62EAE86"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_x62_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FEA4DE65-C5F1-45F6-9D79-CF80196471B6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_x62_5g_modem-rf_system:-:*:*:*:*:*:*:*","matchCriteriaId":"1F27FE86-F0E3-4EBD-933F-9B0210CBD72F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F74BF53E-DFA1-4750-A638-FE7572B79D16"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_x65_5g_modem-rf_system:-:*:*:*:*:*:*:*","matchCriteriaId":"226D1ABD-E4AD-487E-88EB-4C66D51DB33D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_x72_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"205BF723-DBED-4EAE-8B5C-0E01B01E1544"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_x72_5g_modem-rf_system:-:*:*:*:*:*:*:*","matchCriteriaId":"9A36A7B8-CF35-4003-AC3E-C5D25288B1A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95A98B39-067F-4047-9ADB-7C53F18CBB7B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:snapdragon_x75_5g_modem-rf_system:-:*:*:*:*:*:*:*","matchCriteriaId":"1C462F32-0E70-472A-A42D-CD0229A97E94"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sw-only_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"52433CDD-4776-41C7-96BA-D9EB12934C06"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sw-only:-:*:*:*:*:*:*:*","matchCriteriaId":"A996EBB2-BE81-41AD-8164-21A741FD2793"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8BA28CC6-C8BB-4F50-BFE3-A59F664A4F54"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:*","matchCriteriaId":"94D2BDF1-764C-48BA-8944-3275E8768078"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1295D869-F4DD-4766-B4AA-3513752F43B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*","matchCriteriaId":"B98784DC-3143-4D38-AD28-DBBDCCAB4272"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"34143ABA-7D09-429F-A65C-3A33438BF62C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*","matchCriteriaId":"9D56DFE3-5EF1-4B23-BBD5-0203FBF9CCEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3FEF2DB6-00F5-4B07-953B-EF58B31267F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*","matchCriteriaId":"120E8F0F-EBEB-4565-9927-2D473F783EF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4BFB25F-013B-48E3-99FF-3E8687F94423"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*","matchCriteriaId":"BF676C5B-838B-446C-A689-6A25AB8A87E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn6755_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2BC386D9-3D2B-40FA-A2D9-199BB138F46A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn6755:-:*:*:*:*:*:*:*","matchCriteriaId":"133FFD9F-FA09-4801-939B-AD1D507BE5FE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"57608D47-894C-4895-B4B3-4733D55D57DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*","matchCriteriaId":"2FFD2C38-1A61-4BED-ABFA-DAE0C4B78620"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D765C392-5F38-4E6A-9E88-59629E7A6911"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE8F4F9-F692-4EC0-A3FE-2CDD681DCBFD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"11B69595-E488-4590-A150-CE5BE08B5E13"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*","matchCriteriaId":"BF680174-5FA6-47D9-8EAB-CC2A37A7BD42"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7ACAD26E-B79E-4659-91A5-D301281F7D36"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*","matchCriteriaId":"F0E46DA6-9494-4D92-A4AE-A272AF6ACCCC"}]}]}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html","source":"product-security@qualcomm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-25271","sourceIdentifier":"product-security@qualcomm.com","published":"2026-07-06T21:16:54.903","lastModified":"2026-07-07T16:35:38.123","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use."}],"affected":[{"source":"product-security@qualcomm.com","affectedData":[{"vendor":"Qualcomm, Inc.","product":"Snapdragon","defaultStatus":"unaffected","platforms":["Snapdragon Compute","Snapdragon Industrial IOT"],"versions":[{"version":"Cologne","status":"affected"},{"version":"FastConnect 6900","status":"affected"},{"version":"FastConnect 7800","status":"affected"},{"version":"IQX5121","status":"affected"},{"version":"IQX7181","status":"affected"},{"version":"QCA0000","status":"affected"},{"version":"SC8380XP","status":"affected"},{"version":"WCD9378C","status":"affected"},{"version":"WCD9380","status":"affected"},{"version":"WCD9385","status":"affected"},{"version":"WSA8840","status":"affected"},{"version":"WSA8845","status":"affected"},{"version":"WSA8845H","status":"affected"},{"version":"X2000077","status":"affected"},{"version":"X2000086","status":"affected"},{"version":"X2000090","status":"affected"},{"version":"X2000092","status":"affected"},{"version":"X2000094","status":"affected"},{"version":"XG101002","status":"affected"},{"version":"XG101032","status":"affected"},{"version":"XG101039","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"product-security@qualcomm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-25271","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@qualcomm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:cologne_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8FF959C0-5AAB-4DC5-AE8F-4EFA21A00B5E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:cologne:-:*:*:*:*:*:*:*","matchCriteriaId":"E31E0C48-FB61-47C8-B28B-3A701E85E126"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E670F500-9B71-4BBE-B5DA-221D35803C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*","matchCriteriaId":"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*","matchCriteriaId":"638DBC7F-456F-487D-BED2-2214DFF8BEE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:iqx5121_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"499A2520-436C-4B12-849D-98B94088CCDE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:iqx5121:-:*:*:*:*:*:*:*","matchCriteriaId":"4C34A825-C928-4F8F-B076-19F8787A3440"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:iqx7181_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F58C10B5-2BB1-4A8F-AF4B-2EC791C9FBBE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:iqx7181:-:*:*:*:*:*:*:*","matchCriteriaId":"9EE22328-BBF8-473C-8F89-58AEF8CC9D75"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:qca0000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CC941093-1A7C-47B2-AB3B-05AE4AE2FBE4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:qca0000:-:*:*:*:*:*:*:*","matchCriteriaId":"7A2AA834-C17C-4E0E-A510-795818041E47"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"14E3FE58-7F1C-4F5C-B62D-0CF124E14AB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*","matchCriteriaId":"FFCB0BBA-3F81-4FCA-B3DE-190C46DA50DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9378c_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"95D79E3A-1978-4B23-B60B-2BD47FEDF5C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9378c:-:*:*:*:*:*:*:*","matchCriteriaId":"91B32C89-3238-4FDF-BB3F-F6BAE829769B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"70292B01-617F-44AD-AF77-1AFC1450523D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*","matchCriteriaId":"FA94C6D6-85DB-4031-AAF4-C399019AE16D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"92B17201-8185-47F1-9720-5AB4ECD11B22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FA2EB9-416F-4D69-8786-386CC73978AE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA33DE15-C177-43B3-AD50-FF797753D12E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*","matchCriteriaId":"AE1A5841-5BCB-4033-ACB9-23F3FCA65309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5B47BF35-3AA0-4667-842E-19B0FE30BF3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*","matchCriteriaId":"8A071672-9405-4418-9141-35CEADBB65AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BB7CF473-8B25-4851-91F2-1BD693CCDC85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*","matchCriteriaId":"91E591F2-8F72-4A5A-9264-2742EB2DABDA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x2000077_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A91D253E-0E24-474F-B016-0AC783812EBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x2000077:-:*:*:*:*:*:*:*","matchCriteriaId":"DF588C55-E61D-46C6-98C3-647748AB0192"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x2000086_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E763DC2C-2D41-483D-8763-8518AAFC8B09"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x2000086:-:*:*:*:*:*:*:*","matchCriteriaId":"2DD6A8C6-F716-42F3-A16A-70CDD2F72BCD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x2000090_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"21436FFF-DC3A-4279-85BB-1D2F9D270FFC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x2000090:-:*:*:*:*:*:*:*","matchCriteriaId":"991A3700-C97D-4495-8281-A11E0472930C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x2000092_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E23F8167-8C43-4CCC-B95B-1BF8462E1E90"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x2000092:-:*:*:*:*:*:*:*","matchCriteriaId":"65E7DF1E-5CDE-4DF0-A952-A01BF059EB96"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:x2000094_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"789E6127-504B-4B50-B5C7-C7F7933378A1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:x2000094:-:*:*:*:*:*:*:*","matchCriteriaId":"5A029C9E-9F11-4D07-BD80-B9D00A379AAD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xg101002_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B7EAE86E-AC65-4C37-A23E-E4C9DBFDEE48"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xg101002:-:*:*:*:*:*:*:*","matchCriteriaId":"71E5EA1A-F5AE-42B6-804B-59FE6016A691"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xg101032_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"45E15ACE-6573-43FC-8B38-A3B760C8B60D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xg101032:-:*:*:*:*:*:*:*","matchCriteriaId":"96CF3B92-6AA8-4494-A047-C0DAB82C01D9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qualcomm:xg101039_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4C8F081D-479F-492A-9580-8EBE8011DA4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:qualcomm:xg101039:-:*:*:*:*:*:*:*","matchCriteriaId":"9A96C6B0-5B33-45DA-B3B1-AD304B7AE313"}]}]}],"references":[{"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html","source":"product-security@qualcomm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33734","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:55.227","lastModified":"2026-07-07T15:16:43.627","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a SQL injection vulnerability in the `Massmailer` module filter functionality. An authenticated administrator can supply crafted filter values when updating a mass email message, causing untrusted input to be interpolated directly into SQL in the recipient selection query. Version 0.8.0 patches the issue. Some workarounds are available. Restrict administrator access to trusted users only, disable the `Massmailer` module if it is not required, audit existing records in the `mod_massmailer` table for suspicious filter values, and/or review administrator activity related to `Massmailer` message updates."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.6.0, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:04:15.262288Z","id":"CVE-2026-33734","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-jf7m-j359-2899","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-jf7m-j359-2899","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34038","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:55.370","lastModified":"2026-07-07T13:22:13.557","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution and exfiltrate sensitive environment variables through deployment logs via fields such as dockerfile_location and deployment commands. This issue is fixed in version 4.0.0-beta.469."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.469","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T12:42:50.359276Z","id":"CVE-2026-34038","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/23f9156c7306b221101f1ebbe4d3c6b5e2522acd","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9007","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.469","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-qqrq-r9h4-x6wp","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-qqrq-r9h4-x6wp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42331","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:55.617","lastModified":"2026-07-07T15:16:46.967","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the payment gateway associated with an unpaid invoice. An attacker who obtains an invoice hash, which may leak through shared URLs, referrer headers, or email links,  can change the `gateway_id` on an unpaid invoice to any payment gateway configured in the system. This does not allow redirecting payments to an arbitrary external endpoint, as the gateway must already be installed and configured by an administrator. The practical impact is further limited by the `invoice_accessible_from_hash` system setting. Version 0.8.0 contains a patch. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:51:34.115224Z","id":"CVE-2026-42331","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-8755-w77f-3g7j","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-8755-w77f-3g7j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42341","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:55.740","lastModified":"2026-07-07T16:16:39.413","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit the associated client account without making an actual payment, by sending a single crafted HTTP request. Version 0.8.0 patches the issue. Some workarounds are available. Disable the Custom payment gateway if not actively needed and/or restrict access to `/ipn.php` at the web server level (e.g., via IP allowlisting), noting that this may interfere with legitimate payment callback processing."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.6.0, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:15:29.812048Z","id":"CVE-2026-42341","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-5493-9m76-2qrr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54234","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:56.477","lastModified":"2026-07-07T19:04:17.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then converted to negative one when the engine selects the next live token for a request and is written back into the drafter's input ids; that out-of-vocabulary value is later consumed by the model's embedding and attention path and crashes the engine worker with a GPU device-side assertion. The same triggering request sequence is reachable through the public gRPC Generate and Abort endpoints, so a remote client that can send generation requests can crash the shared engine worker, aborting concurrent requests and causing a service-wide denial of service for other clients of the deployment until the worker is restarted. This issue is fixed in version 0.24.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":"< 0.24.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:12:43.565166Z","id":"CVE-2026-54234","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-1284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionEndExcluding":"0.24.0","matchCriteriaId":"0AF36274-AF6A-4915-8D2E-3603CF15D863"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/8a5cf1ccd65e8ac7635c402c1ec0b08988bc26ca","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/pull/44744","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-8wr5-jm2h-8r4f","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-8wr5-jm2h-8r4f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-55514","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:57.207","lastModified":"2026-07-07T19:02:37.753","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is authorized to make a /v1/completions request can make such a request and induce a crash. This issue is fixed in version 0.24.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":">= 0.12.0, < 0.24.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T20:45:29.132412Z","id":"CVE-2026-55514","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.12.0","versionEndExcluding":"0.24.0","matchCriteriaId":"BBDCA379-5844-47A0-9217-A26C248DC441"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/470229c37efaf69c86e8bc97482b0b1ff7551c65","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/pull/45252","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/vllm-project/vllm/releases/tag/v0.24.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-33cg-gxv8-3p8g","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55574","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:57.347","lastModified":"2026-07-07T19:03:35.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structured_outputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the string reaches the regex compiler with no guard, and in the outlines backend the validation step blocks structural issues such as lookarounds and backreferences but performs no complexity analysis, so a pattern with nested quantifiers passes all checks and causes exponential state-space expansion, allowing a single request containing an adversarial regex to hang an inference worker indefinitely and deny service. This issue is fixed in version 0.24.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":"< 0.24.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T20:52:49.859777Z","id":"CVE-2026-55574","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionEndExcluding":"0.24.0","matchCriteriaId":"0AF36274-AF6A-4915-8D2E-3603CF15D863"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/2b3006076c5e9bc4cda9e03e3641388de3c5c286","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/pull/45118","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-rwxx-mrjm-wc2m","source":"security-advisories@github.com","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-55727","sourceIdentifier":"security@genetec.com","published":"2026-07-06T21:16:57.580","lastModified":"2026-07-07T14:00:51.320","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams."}],"affected":[{"source":"security@genetec.com","affectedData":[{"vendor":"Genetec Inc.","product":"Genetec Security Center","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"5.14.0.0 build 5.14.178.8","lessThan":"5.14.0.0 build 5.14.178.18","versionType":"custom","status":"affected"},{"version":"5.14.0.0 build 5.14.178.18","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@genetec.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T20:52:10.299500Z","id":"CVE-2026-55727","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@genetec.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://resources.genetec.com/security-advisories/vulnerability-affecting-live-video-retrieval-in-security-center-5-14-0-0","source":"security@genetec.com"}]}},{"cve":{"id":"CVE-2026-57571","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:57.907","lastModified":"2026-07-07T19:07:22.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or traversal escaped the downloads directory, giving an arbitrary file write with attacker-controlled contents; the HTTP crawler path uses the response Content-Disposition filename and the browser crawler path uses the download's suggested filename. Because the written bytes are attacker-controlled, this can escalate to remote code execution. This issue is fixed in version 0.9.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"unclecode","product":"crawl4ai","versions":[{"version":"< 0.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:53:33.142454Z","id":"CVE-2026-57571","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.0","matchCriteriaId":"E7ED5B79-F478-4E2C-B384-BA572D992FAA"}]}]}],"references":[{"url":"https://github.com/unclecode/crawl4ai/commit/60886d1a0c52682e4c83a7cef9dfac417fff6bd2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/unclecode/crawl4ai/security/advisories/GHSA-2jq4-q6vv-4cp3","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-57573","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:58.197","lastModified":"2026-07-07T19:07:47.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handle_stream_crawl_request passed seed URLs straight to the crawler with no destination validation, allowing a remote unauthenticated client to call POST /crawl/stream or POST /crawl with crawler_config.stream=true with a URL pointing at an internal, private, or link-local address; the server fetched it and streamed the response body back. This issue is fixed in version 0.9.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"unclecode","product":"crawl4ai","versions":[{"version":"< 0.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:16:11.413213Z","id":"CVE-2026-57573","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.0","matchCriteriaId":"E7ED5B79-F478-4E2C-B384-BA572D992FAA"}]}]}],"references":[{"url":"https://github.com/unclecode/crawl4ai/commit/60886d1a0c52682e4c83a7cef9dfac417fff6bd2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/unclecode/crawl4ai/security/advisories/GHSA-wm69-2pc3-rmmf","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59711","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-06T21:16:58.660","lastModified":"2026-07-07T15:16:49.570","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into HTML title tags, enabling attackers to break out of the title context and execute malicious scripts in the rendered page."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"showdown","product":"showdown","defaultStatus":"unaffected","packageURL":"pkg:npm/showdown","versions":[{"version":"0","lessThanOrEqual":"2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:06:48.974766Z","id":"CVE-2026-59711","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/showdownjs/showdown","source":"disclosure@vulncheck.com"},{"url":"https://github.com/showdownjs/showdown/issues/1047","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/showdown-cross-site-scripting-via-unescaped-metadata-title-in-completehtmldocument","source":"disclosure@vulncheck.com"},{"url":"https://github.com/showdownjs/showdown/issues/1047","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59712","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-06T21:16:58.793","lastModified":"2026-07-07T14:16:34.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to enumerate all accounts and obtain credentials for offline password cracking, 2FA bypass, and session hijacking."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Leantime","product":"Leantime","defaultStatus":"unaffected","packageURL":"pkg:npm/leantime","versions":[{"version":"0","lessThanOrEqual":"3.4.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:43:37.598340Z","id":"CVE-2026-59712","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/Leantime/leantime","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Leantime/leantime/commit/4f2612d13e0e8a2093092a846b44506cf133b671","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Leantime/leantime/issues/3556","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/leantime-credential-disclosure-via-unauthenticated-json-rpc-users-getuser-method","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59713","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-06T21:16:58.930","lastModified":"2026-07-07T15:16:49.700","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the attacker."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Leantime","product":"Leantime","defaultStatus":"unaffected","packageURL":"pkg:npm/leantime","versions":[{"version":"0","lessThanOrEqual":"3.4.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:22:32.113353Z","id":"CVE-2026-59713","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/Leantime/leantime","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Leantime/leantime/commit/9630eb7db682fb1b4e23cdabf3428d03ec6f5094","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Leantime/leantime/issues/3535","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/leantime-oidc-login-csrf-via-unconditional-state-verification-stub","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-32718","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:47.927","lastModified":"2026-07-07T15:16:43.513","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, mutating API validation endpoints are guarded by read ability, allowing read-scoped API tokens to perform state-changing operations such as validating cloud tokens and servers. This issue is fixed in version 4.0.0-beta.466."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.466","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:01:21.284915Z","id":"CVE-2026-32718","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/c15bcd56347fc8c535755791e92e4f6c2af17e3a","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/8893","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-f47p-xrgc-977v","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-f47p-xrgc-977v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34049","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:48.117","lastModified":"2026-07-07T13:22:13.557","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configure backup inputs to inject commands. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":">= 4.0.0-beta.451, < 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T12:46:06.149619Z","id":"CVE-2026-34049","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/b1de75a7c67ce6aee977bd788b41e61837dbe0b9","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9168","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-4mpw-wcj4-v9pp","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-4mpw-wcj4-v9pp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34050","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:48.250","lastModified":"2026-07-07T15:16:44.300","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially modify auto-update settings or trigger update checks. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:50:49.586851Z","id":"CVE-2026-34050","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/0fed553207383f384b93cba24d28122065fa67d5","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9206","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-c339-w3cq-2rjr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-34153","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:48.370","lastModified":"2026-07-07T16:16:38.680","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fs_path and parent_dir values before validation, and submitFileStorage does not validate the user-controlled file-mount path before creating a volume, allowing an authenticated user who can add file storage to execute commands when the storage is saved. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:51:28.219962Z","id":"CVE-2026-34153","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/3fdce06b654fa3b7b4be59c0faaab6b4546c78de","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9176","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-46hp-7m8g-7622","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-34599","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:48.623","lastModified":"2026-07-07T15:16:44.700","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership (lowest privilege member role) to execute arbitrary commands as root on managed servers. The $container Livewire public property is interpolated directly into shell commands (docker logs, docker service logs) without sanitization, and can be modified by any client via the Livewire wire protocol because it lacks the #[Locked] attribute. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:23:22.310118Z","id":"CVE-2026-34599","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/f267a28cb2badc7e712c4592af4d79d090fe5063","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9229","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-q9j6-xcvx-px63","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-38976","sourceIdentifier":"cve@mitre.org","published":"2026-07-06T22:16:48.900","lastModified":"2026-07-07T17:16:36.247","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in op_super() / OP_SUPER due to a missing runtime guard for top-level super."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:13:20.807651Z","id":"CVE-2026-38976","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/hayat01sh1da/mrubyc/commit/c4aa2a06bfdd13a0f1ae5165c5760a2530314a42","source":"cve@mitre.org"},{"url":"https://github.com/mrubyc/mrubyc","source":"cve@mitre.org"},{"url":"https://github.com/mrubyc/mrubyc/issues/276","source":"cve@mitre.org"},{"url":"https://github.com/mrubyc/mrubyc/issues/276","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-41899","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:49.130","lastModified":"2026-07-07T15:16:45.423","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling spam, content injection, and webhook abuse. This issue is fixed in version 4.0.0-beta.474."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.474","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:00:27.321492Z","id":"CVE-2026-41899","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/371e883c75a87d82c398bf89ee8ad6387348520d","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9653","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-v64c-v633-58xp","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-v64c-v633-58xp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42148","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:49.257","lastModified":"2026-07-07T13:22:13.557","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the dev_helper_version field without shell escaping, allowing an attacker who can set the helper version and trigger the helper image build in a development environment to execute arbitrary commands on the server. This issue is fixed in version 4.0.0-beta.474."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.474","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.3,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T12:43:40.730615Z","id":"CVE-2026-42148","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/dc9322b11f5f4ab96e56af0df7d4f877e96e5e4c","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9670","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-x9qh-w4c4-54f9","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-x9qh-w4c4-54f9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42153","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:49.383","lastModified":"2026-07-07T14:16:30.477","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings (postgres_user and postgres_db) in shell-form commands, allowing an authenticated user to inject commands executed in the database container. This issue is fixed in version 4.0.0-beta.474."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.474","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:46:25.230207Z","id":"CVE-2026-42153","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/b74f54302b1a857c22c55fe1210d700859b0b3df","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9674","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-gvc4-f276-r88p","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-gvc4-f276-r88p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42204","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:49.510","lastModified":"2026-07-07T15:16:46.867","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an authenticated team member to inject shell commands that execute on the host. This issue is fixed in version 4.0.0-beta.474."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":">= 4.0.0-beta.471, < 4.0.0-beta.474","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:47:26.768127Z","id":"CVE-2026-42204","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/e1aac50b745cf499e710b7e35cd2a9d6a1538dd9","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9684","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-chg4-63hm-xv9x","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-chg4-63hm-xv9x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-43921","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:49.837","lastModified":"2026-07-07T15:16:47.073","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's `Config::prettyPrintArrayToPHP()` method. When configuration values are updated, string values are written into `config.php` without escaping single quotes. Because `config.php` is loaded via a bare `include` on every HTTP request, an attacker with admin privileges can inject arbitrary PHP code that executes on every subsequent request. Version 0.8.0 contains a patch. Some workarounds are available. Restrict admin access to trusted personnel only; audit `config.php` for unexpected PHP code; and/ or at the reverse proxy/WAF level, restrict access to admin API endpoints that modify configuration."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.6.10, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:25:26.887871Z","id":"CVE-2026-43921","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-v4j9-w6pj-38w5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-43925","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:49.963","lastModified":"2026-07-07T15:16:47.183","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can gate promo code eligibility, an attacker may apply group-restricted discount codes and receive unauthorized discounts. Version 0.8.0 contains a patch. As a workaround, administrators can either remove group restrictions from promo codes or disable client self-registration (Settings → Clients → Disable signup)."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:59:39.698567Z","id":"CVE-2026-43925","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-q4rq-9844-r9w2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-43927","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:50.083","lastModified":"2026-07-07T13:22:13.557","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request completes the usage increment, a client can obtain unlimited discounted or free orders from a single-use or limited-use promo code. Version 0.8.0 patches the issue. Some workarounds are available. Disable promo codes entirely until a patch is available or monitor the `promo` table for `used` values exceeding `maxuses` and manually review affected orders."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T12:46:52.345735Z","id":"CVE-2026-43927","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-w898-cx35-25gh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-43928","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:50.210","lastModified":"2026-07-07T14:16:30.583","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount (`mc_gross`) to the client's balance without validating it against the invoice total. Combined with a $0.05 floating-point epsilon tolerance in the invoice credit-payment logic, this allows a client to underpay an invoice by up to $0.04 and still have it marked as fully paid. Version 0.8.0 patches the issue. There is no effective workaround without modifying the source code. Merchants using the PayPalEmail adapter should monitor IPN transactions for amounts that do not match their corresponding invoice totals, and manually review and refund suspicious payments."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:39:25.364995Z","id":"CVE-2026-43928","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"},{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-xjc6-g382-h942","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-xjc6-g382-h942","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59710","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-06T22:16:50.977","lastModified":"2026-07-07T13:57:49.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdown table headers, achieving stored XSS when untrusted markdown is rendered with the default github flavor configuration."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"showdown","product":"showdown","defaultStatus":"unaffected","packageURL":"pkg:npm/showdown","versions":[{"version":"0","lessThanOrEqual":"2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T12:45:18.218566Z","id":"CVE-2026-59710","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/showdownjs/showdown","source":"disclosure@vulncheck.com"},{"url":"https://github.com/showdownjs/showdown/commit/e5cab1e9a5dcea2bb3cbf888863fa7e65ab37edf","source":"disclosure@vulncheck.com"},{"url":"https://github.com/showdownjs/showdown/issues/1046","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/showdown-stored-xss-via-unescaped-table-header-id-attribute-injection","source":"disclosure@vulncheck.com"},{"url":"https://github.com/showdownjs/showdown/issues/1046","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53640","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T23:16:55.430","lastModified":"2026-07-07T15:16:47.720","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding read endpoints have no authorization guards. Version 0.8.0 contains a fix. Some workarounds are available. Restrict staff accounts to only those who need access to sensitive data and/or use a reverse proxy or WAF to restrict access to the affected endpoints."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:10:52.457718Z","id":"CVE-2026-53640","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-jqw4-3hj3-8m4f","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53642","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T23:16:56.097","lastModified":"2026-07-07T15:16:47.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the \"Require Email Confirmation\" setting is enabled, a logged-in client with an unverified email address (`email_approved = 0`) can access all client-area pages (e.g. `/client/balance`, `/client/order/list`, `/client/invoice`) and read real account data, including wallet balances and transaction history. The API-side enforcement correctly restricts unverified clients to only profile-related endpoints, but the page-side enforcement is overly permissive, allowing any request whose path starts with `/client`. Version 0.8.0 contains a fix. No known workarounds that don't involve modifying the source code are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.5.6, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:26:52.722102Z","id":"CVE-2026-53642","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-7v47-rh46-w923","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53643","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T23:16:56.227","lastModified":"2026-07-07T15:16:47.930","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the `can_always_access` module flag (which grants all staff access to certain modules) and insufficient permission checks or unsafe parameter handling on individual endpoints. Version 0.8.0 contains a fix. Some workarounds are available. Restrict staff accounts to only those who need access to sensitive settings and/or use a reverse proxy or WAF to restrict access to the affected endpoints to trusted IP addresses or higher-privilege roles."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:58:59.610320Z","id":"CVE-2026-53643","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-563q-g4r4-6f9m","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53644","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T23:16:56.360","lastModified":"2026-07-07T14:16:32.743","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an `active` state (e.g., `suspended`, `canceled`). The root cause is missing order-state validation in two client API endpoints, despite an `isActive()` helper already existing in the `Serviceapikey` module and the frontend UI correctly gating access on `order.status == 'active'`. Version 0.8.0 contains a fix. Some workarounds are available. If the `Serviceapikey` module is not needed, uninstall it to remove the affected endpoints. One may also use a reverse proxy or WAF to restrict access to `/api/client/order/service` and `/api/client/serviceapikey/reset` based on application-level order-state logic."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.5.3, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:45:35.578736Z","id":"CVE-2026-53644","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-qf6j-vq68-qmfh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53645","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T23:16:56.493","lastModified":"2026-07-07T14:16:32.857","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has `staff.create_and_edit_staff` can call `/api/admin/staff/permissions_update` targeting their own account and write any permission structure, bypassing the intended role-based access control boundary. Version 0.8.0 patches the issue. Some workarounds are available. Restrict the `staff.create_and_edit_staff` permission to only highly trusted staff members and/or use a reverse proxy or WAF to restrict access to `/api/admin/staff/permissions_update` to specific trusted roles."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:42:35.299407Z","id":"CVE-2026-53645","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-4hf7-xxxw-64rm","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53646","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T23:16:56.683","lastModified":"2026-07-07T15:16:48.033","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already exists for a client (from a previous unexpired reset request), subsequent calls to the `reset_password` guest API endpoint reuse the existing token instead of generating a new one. The 15-minute validity window is anchored to the first request's `created_at` timestamp, not the time of the most recent email. An attacker who obtained the original reset link remains able to use it even after the victim requests a new reset, because the original token is never invalidated or rotated. Version 0.8.0 patches the issue. Some workarounds are available. Configure a reverse proxy (e.g., Nginx, Apache, Cloudflare) to apply per-IP rate limiting to the `/client/reset-password` endpoint to minimize the window of opportunity, and/or manually clear expired `client_password_reset` records from the database after a client reports a suspected compromise."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.5.6, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:55:46.808418Z","id":"CVE-2026-53646","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-vp66-w6rc-x32p","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53647","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T00:16:34.263","lastModified":"2026-07-07T15:16:48.137","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters (`custom_*` fields) stored in the key's database record. These custom fields are populated by billing administrators and can contain business-sensitive data such as pricing tiers, feature flags, rate limits, expiry overrides, or access scope data. Version 0.8.0 patches the issue. Some workarounds are available. Administrators can avoid storing sensitive data in `custom_*` API key configuration fields, monitor API logs for suspicious calls to `/api/guest/serviceapikey/get_info`, and/or disable the Serviceapikey module if not in active use."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.5.3, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:27:51.817290Z","id":"CVE-2026-53647","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-737q-9gpr-6mpq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53648","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T00:16:34.390","lastModified":"2026-07-07T15:16:48.243","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as `md5(<original filename>)` under the uploads directory. Because the stored path depends only on the client-supplied filename, two different downloadable products, or product/order files, uploaded with the same original filename will resolve to the same stored file path. A later upload can overwrite an earlier upload, causing customers or administrators downloading the earlier product to receive the later file instead. Version 0.8.1 patches the issue. Some workarounds are available. Restrict the `servicedownloadable.manage` permission to fully trusted administrators only. As an operational mitigation, ensure downloadable product files use unique filenames before upload. This reduces accidental collisions but does not fully address the underlying issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:57:58.054306Z","id":"CVE-2026-53648","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-668"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-x7p2-xhvc-cfp9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-11328","sourceIdentifier":"security@wordfence.com","published":"2026-07-07T02:16:28.583","lastModified":"2026-07-07T14:16:27.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title parameter in all versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"timstrifler","product":"Exclusive Addons for Elementor","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.7.9.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:41:59.298629Z","id":"CVE-2026-11328","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/exclusive-addons-for-elementor/tags/2.7.9.8/extensions/post-duplicator.php#L19","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/exclusive-addons-for-elementor/tags/2.7.9.8/extensions/post-duplicator.php#L34","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/690fd38c-0e12-45f3-9055-51252e4809b1?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-34034","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:47.603","lastModified":"2026-07-07T13:22:13.557","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentinel_token setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell syntax and execute commands on the host when Sentinel is restarted. This issue is fixed in version 4.0.0-beta.466."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.466","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T12:50:54.541531Z","id":"CVE-2026-34034","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/096d4369e59b3db7ace2db3ca42588c41b9b6019","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.466","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-rpr8-p7jc-x844","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-rpr8-p7jc-x844","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34035","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:47.873","lastModified":"2026-07-07T14:16:29.983","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the host. This issue is fixed in version 4.0.0-beta.466."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.466","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:41:13.576185Z","id":"CVE-2026-34035","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/fcd574e1eb1c2f504c48e5be4a5cb6d69f8f1f55","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.466","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-3xm2-hqg8-4m2p","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-3xm2-hqg8-4m2p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34037","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:48.020","lastModified":"2026-07-07T15:16:43.730","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo() Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an authenticated user to clone resources into destinations owned by other teams and access cross-tenant resources. This issue is fixed in version 4.0.0-beta.464."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.464","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:02:08.730195Z","id":"CVE-2026-34037","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/1759a1631cd63271ebf6caa250c6d93440eaa333","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.464","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-ggrr-wrvr-x83v","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-ggrr-wrvr-x83v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34047","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:48.287","lastModified":"2026-07-07T15:16:43.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources outside the authorized scope and potentially execute commands. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:29:17.689956Z","id":"CVE-2026-34047","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/bc91b41f92f1bbb53886a5d7a60335cbf1621cd5","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9169","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-652w-qv22-2r7c","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-652w-qv22-2r7c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34048","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:48.417","lastModified":"2026-07-07T15:16:43.953","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes and execute commands on team servers. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:56:06.562353Z","id":"CVE-2026-34048","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/847166a3f89b7c80972fa0d2e5c754976f95b6ad","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-mw6q-2hmg-mhxv","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-mw6q-2hmg-mhxv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34057","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:48.647","lastModified":"2026-07-07T14:16:30.080","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component (app/Livewire/Project/Database/Import.php) allows client-controlled container and server properties to reach shell commands without locking or validation, allowing an authenticated user to inject commands through a database import container name. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:10:22.405033Z","id":"CVE-2026-34057","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/d486bf09ab2da8ad78fa721a079f066c76ce08d2","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-6r3g-w7x8-54fj","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-6r3g-w7x8-54fj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34058","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:49.193","lastModified":"2026-07-07T14:16:30.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\\Resources exposes public methods (startUnmanaged, stopUnmanaged, restartUnmanaged) that accept a container ID parameter directly from the browser without any sanitization or escaping. This parameter is interpolated directly into shell commands executed via SSH on managed servers, enabling any authenticated team member to execute arbitrary OS commands on remote servers. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:40:25.442303Z","id":"CVE-2026-34058","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/944a038349216f00b390e905c121355adc8b23c1","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9172","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-rh5x-qx77-fq9v","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-rh5x-qx77-fq9v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34149","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:49.800","lastModified":"2026-07-07T15:16:44.403","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, DatabaseBackupJob interpolates user-controlled database credentials and MongoDB collection exclusion names into backup shell commands without adequate escaping, allowing an authenticated user with database management permissions to execute commands on managed servers. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:06:56.986425Z","id":"CVE-2026-34149","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/952f3247970d261ff93f85c79066192f58f9557e","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/commit/99043600ee881fd8581185e7590604d9882382cd","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-4vff-6j8j-qhcg","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-4vff-6j8j-qhcg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34168","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:50.180","lastModified":"2026-07-07T15:16:44.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a storage name containing shell metacharacters and execute commands on managed servers when the resource is deleted. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:30:27.309062Z","id":"CVE-2026-34168","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/d2064dd4998694cda2eabd00149f7c4d1e94c699","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-mh8x-fppq-cp77","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-mh8x-fppq-cp77","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34170","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:50.357","lastModified":"2026-07-07T15:16:44.607","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp api_url field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a GitHub App source that causes Coolify to request internal services or cloud metadata endpoints. This issue is reported as fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:55:06.705972Z","id":"CVE-2026-34170","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-3g6r-cxv5-3c7h","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-3g6r-cxv5-3c7h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34171","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:50.513","lastModified":"2026-07-07T13:22:13.557","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/{uuid} endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit the crafted invitation URL to reset the victim account password to a predictable value. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T12:52:52.552186Z","id":"CVE-2026-34171","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/25d424c743d5134d4a005a6d8f754bb3235b632c","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-389w-cc6x-wr2m","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-389w-cc6x-wr2m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-34198","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:50.847","lastModified":"2026-07-07T14:16:30.377","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies ($proxies = '*'), accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks, has a circular caching dependency that prevents it from ever validating hosts. When a password reset is requested, the ResetPassword notification generates the reset URL using url(route(..., false)), which derives the host from the (spoofable) request. An unauthenticated attacker can trigger a password reset email containing a link pointing to an attacker-controlled domain, enabling token theft and account takeover. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:36:00.420701Z","id":"CVE-2026-34198","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/98569e4edbfc316877c9e0d27ea89fab3c49e3bd","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9193","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-cgj8-7m5q-x5gv","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-cgj8-7m5q-x5gv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42143","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:51.200","lastModified":"2026-07-07T15:16:46.463","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to inject shell metacharacters and execute commands as root when volume operations are triggered. This issue appears to be fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:40:47.171936Z","id":"CVE-2026-42143","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/d2064dd4998694cda2eabd00149f7c4d1e94c699","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-6pmw-6m96-4v4m","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-6pmw-6m96-4v4m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42147","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:51.760","lastModified":"2026-07-07T15:16:46.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection() sends a server-side request to the configured endpoint, allowing an authenticated user with storage management permissions to make Coolify request internal or metadata-service URLs. This issue is fixed in version 4.0.0-beta.474."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.474","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:32:53.138107Z","id":"CVE-2026-42147","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/297e9c41e19958f6237919794c28c3fb1d4cda32","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42172","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:52.133","lastModified":"2026-07-07T15:16:46.667","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.474","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:56:57.098110Z","id":"CVE-2026-42172","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/b1a78df58efe3ac38679d18c888b5817c7f01216","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9677","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-c83f-5ph7-x8xv","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-c83f-5ph7-x8xv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42200","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T04:17:52.923","lastModified":"2026-07-07T13:22:13.557","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script (generate_init_scripts() method in app/Actions/Database/StartPostgresql.php) filename handling did not sufficiently restrict paths, allowing an authenticated user to write files outside the intended directory and achieve command execution through database initialization. This issue is fixed in version 4.0.0-beta.474."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.474","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T12:48:01.024176Z","id":"CVE-2026-42200","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/1cf6c7d0aef8e0edb800ae43f44ded102397cb13","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9681","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-mv4c-9x67-rrmv","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-mv4c-9x67-rrmv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-26053","sourceIdentifier":"disclosures@gallagher.com","published":"2026-07-07T05:16:50.117","lastModified":"2026-07-07T14:16:29.567","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Incorrect Privilege Assignment (CWE-266) vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), all versions of 9.10."}],"affected":[{"source":"disclosures@gallagher.com","affectedData":[{"vendor":"Gallagher","product":"Command Centre Server","defaultStatus":"unaffected","versions":[{"version":"9.10","versionType":"custom","status":"affected"},{"version":"9.50","lessThan":"vEL9.50.1587(MR1)","versionType":"custom","status":"affected"},{"version":"9.40","lessThan":"vEL9.40.3130(MR3)","versionType":"custom","status":"affected"},{"version":"9.30","lessThan":"vEL9.30.3983(MR5)","versionType":"custom","status":"affected"},{"version":"9.20","lessThan":"vEL9.20.4349(MR7)","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"disclosures@gallagher.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:37:41.225293Z","id":"CVE-2026-26053","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosures@gallagher.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-26053","source":"disclosures@gallagher.com"}]}},{"cve":{"id":"CVE-2026-27790","sourceIdentifier":"disclosures@gallagher.com","published":"2026-07-07T05:16:50.500","lastModified":"2026-07-07T14:16:29.667","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Uncaught Exception (CWE-248) in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected:\n\n\n\n\n\n  *  9.50 prior to vCR9.50.260616a (distributed in 9.50.1587(MR1))\n  *  9.40 prior to vCR9.40.260616a (distributed in 9.40.3130(MR3))\n  *  9.30 prior to vCR9.30.260616a (distributed in 9.30.3983(MR5))\n  *  9.20 prior to vCR9.20.260616a (distributed in 9.20.4349(MR7))\n  *  all versions of 9.10 and prior."}],"affected":[{"source":"disclosures@gallagher.com","affectedData":[{"vendor":"Gallagher","product":"T-20 Readers","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"9.10","versionType":"custom","status":"affected"},{"version":"9.50","lessThan":"vCR9.50.260616a","versionType":"custom","status":"affected"},{"version":"9.40","lessThan":"vCR9.40.260616a","versionType":"custom","status":"affected"},{"version":"9.30","lessThan":"vCR9.30.260616a","versionType":"custom","status":"affected"},{"version":"9.20","lessThan":"vCR9.20.260616a","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"disclosures@gallagher.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:37:17.360697Z","id":"CVE-2026-27790","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosures@gallagher.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-27790","source":"disclosures@gallagher.com"}]}},{"cve":{"id":"CVE-2026-27844","sourceIdentifier":"disclosures@gallagher.com","published":"2026-07-07T05:16:50.617","lastModified":"2026-07-07T14:16:29.760","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Uncaught Exception (CWE-248) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. \nVersion of Command Centre affected:\n\n\n\n\n\n  *  9.50 prior to vCR9.50.260616a (distributed in 9.50.1587(MR1))\n  *  9.40 prior to vCR9.40.260616a (distributed in 9.40.3130(MR3))\n  *  9.30 prior to vCR9.30.260616a (distributed in 9.30.3983(MR5))\n  *  9.20 prior to vCR9.20.260616a (distributed in 9.20.4349(MR7))\n  *  all versions of 9.10 and prior."}],"affected":[{"source":"disclosures@gallagher.com","affectedData":[{"vendor":"Gallagher","product":"Controller 7000 and 6000","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"9.10","versionType":"custom","status":"affected"},{"version":"9.50","lessThan":"vCR9.50.260616a","versionType":"custom","status":"affected"},{"version":"9.40","lessThan":"vCR9.40.260616a","versionType":"custom","status":"affected"},{"version":"9.30","lessThan":"vCR9.30.260616a","versionType":"custom","status":"affected"},{"version":"9.20","lessThan":"vCR9.20.260616a","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"disclosures@gallagher.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:36:45.478353Z","id":"CVE-2026-27844","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosures@gallagher.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-27844","source":"disclosures@gallagher.com"}]}},{"cve":{"id":"CVE-2026-34158","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T05:16:50.730","lastModified":"2026-07-07T14:16:30.277","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker() helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a single quote into docker_compose_custom_build_command or docker_compose_custom_start_command to break out of the quoted context and execute arbitrary commands on the managed server host during deployments, escaping the intended Docker container confinement. This issue is fixed in version 4.0.0-beta.469."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.469","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:38:23.643397Z","id":"CVE-2026-34158","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-j6j2-frv3-g6f7","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-j6j2-frv3-g6f7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42201","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T05:16:51.237","lastModified":"2026-07-07T15:16:46.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields (redis_password, keydb_password, dragonfly_password, clickhouse_admin_user, clickhouse_admin_password, postgres_user, mysql_user) are validated only as 'string' at the API layer, with zero shell-safety checks. These values are then interpolated directly into Docker Compose YAML command: strings without any escaping. This issue is fixed in version 4.0.0-beta.474."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.474","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:58:05.000375Z","id":"CVE-2026-42201","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/bff6d853708f3d7c861279586f107739036e67da","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9676","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-f35h-g2c2-q36v","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-f35h-g2c2-q36v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12277","sourceIdentifier":"contact@wpscan.com","published":"2026-07-07T06:16:21.893","lastModified":"2026-07-07T16:16:37.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server (such as wp-config.php) when guest upload mode is enabled. Deleting wp-config.php forces the site into its setup routine, which can be leveraged toward a full site takeover."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Frontend File Manager Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"23.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T15:30:40.776757Z","id":"CVE-2026-12277","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/30f208f6-9d7b-4aaf-8689-496521d1a1dc/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12375","sourceIdentifier":"contact@wpscan.com","published":"2026-07-07T06:16:22.003","lastModified":"2026-07-07T14:16:28.297","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator session on affected sites and beacons the site's secret keys and administrator details to attacker-controlled servers."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"uncanny-automator-pro","defaultStatus":"unaffected","versions":[{"version":"7.3.0.5","lessThan":"7.3.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:15:12.244680Z","id":"CVE-2026-12375","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/ddc83705-3df6-427c-957b-935135330f73/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-4375","sourceIdentifier":"contact@wpscan.com","published":"2026-07-07T06:16:22.360","lastModified":"2026-07-07T14:16:32.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"DoLeads Integrator","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"0.65","versionType":"semver","status":"affected"}]},{"vendor":"Unknown","product":"wp2epub","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"0.65","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:17:36.198319Z","id":"CVE-2026-4375","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/dd043e6c-e6c6-4c8d-aab0-5265d28f5cf6/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-57867","sourceIdentifier":"vdp@themissinglink.com.au","published":"2026-07-07T06:16:22.473","lastModified":"2026-07-07T14:16:33.097","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords (OTP) to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3."}],"affected":[{"source":"vdp@themissinglink.com.au","affectedData":[{"vendor":"MicroRealEstate","product":"MicroRealEstate","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.0.0-alpha3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vdp@themissinglink.com.au","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:34:55.343716Z","id":"CVE-2026-57867","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vdp@themissinglink.com.au","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://github.com/microrealestate/microrealestate","source":"vdp@themissinglink.com.au"},{"url":"https://www.themissinglink.com.au/security-advisories/cve-2026-57867","source":"vdp@themissinglink.com.au"}]}},{"cve":{"id":"CVE-2026-57868","sourceIdentifier":"vdp@themissinglink.com.au","published":"2026-07-07T06:16:22.633","lastModified":"2026-07-07T14:16:33.210","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MicroRealEstate is affected by broken object-level access controls in PDF generator functionality.\n\nThis issue affects MicroRealEstate: through 1.0.0-alpha3."}],"affected":[{"source":"vdp@themissinglink.com.au","affectedData":[{"vendor":"MicroRealEstate","product":"MicroRealEstate","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.0.0-alpha3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vdp@themissinglink.com.au","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:31:49.257188Z","id":"CVE-2026-57868","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vdp@themissinglink.com.au","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/microrealestate/microrealestate","source":"vdp@themissinglink.com.au"},{"url":"https://www.themissinglink.com.au/security-advisories/cve-2026-57868","source":"vdp@themissinglink.com.au"}]}},{"cve":{"id":"CVE-2026-57869","sourceIdentifier":"vdp@themissinglink.com.au","published":"2026-07-07T06:16:22.750","lastModified":"2026-07-07T14:16:33.317","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization.\n\nThis issue affects MicroRealEstate: through 1.0.0-alpha3."}],"affected":[{"source":"vdp@themissinglink.com.au","affectedData":[{"vendor":"MicroRealEstate","product":"MicroRealEstate","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.0.0-alpha3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vdp@themissinglink.com.au","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:32:30.572324Z","id":"CVE-2026-57869","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vdp@themissinglink.com.au","type":"Secondary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-1241"}]}],"references":[{"url":"https://github.com/microrealestate/microrealestate","source":"vdp@themissinglink.com.au"},{"url":"https://www.themissinglink.com.au/security-advisories/cve-2026-57869","source":"vdp@themissinglink.com.au"}]}},{"cve":{"id":"CVE-2026-57870","sourceIdentifier":"vdp@themissinglink.com.au","published":"2026-07-07T06:16:22.890","lastModified":"2026-07-07T14:16:33.430","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization.\n\nThis issue affects MicroRealEstate: through 1.0.0-alpha3."}],"affected":[{"source":"vdp@themissinglink.com.au","affectedData":[{"vendor":"MicroRealEstate","product":"MicroRealEstate","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.0.0-alpha3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vdp@themissinglink.com.au","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:33:09.201742Z","id":"CVE-2026-57870","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vdp@themissinglink.com.au","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/microrealestate/microrealestate","source":"vdp@themissinglink.com.au"},{"url":"https://www.themissinglink.com.au/security-advisories/cve-2026-57870","source":"vdp@themissinglink.com.au"}]}},{"cve":{"id":"CVE-2026-57871","sourceIdentifier":"vdp@themissinglink.com.au","published":"2026-07-07T06:16:23.017","lastModified":"2026-07-07T14:16:33.533","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files.\n\nThis issue affects MicroRealEstate: through 1.0.0-alpha3."}],"affected":[{"source":"vdp@themissinglink.com.au","affectedData":[{"vendor":"MicroRealEstate","product":"MicroRealEstate","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.0.0-alpha3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vdp@themissinglink.com.au","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:33:34.529387Z","id":"CVE-2026-57871","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vdp@themissinglink.com.au","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/microrealestate/microrealestate","source":"vdp@themissinglink.com.au"},{"url":"https://www.themissinglink.com.au/security-advisories/cve-2026-57871","source":"vdp@themissinglink.com.au"}]}},{"cve":{"id":"CVE-2026-58315","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-07-07T06:16:23.147","lastModified":"2026-07-07T14:16:33.793","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"SEIKO EPSON CORPORATION","product":"Web Config","versions":[{"version":"See the information/details provided by the vendor","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:34:04.279358Z","id":"CVE-2026-58315","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN87285119/","source":"vultures@jpcert.or.jp"},{"url":"https://www.epson.jp/news/info/a-security202607.htm","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-5730","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-07T08:16:25.540","lastModified":"2026-07-07T14:16:34.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers.\n\nThis issue affects Ontime: through 04052026."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Idvlabs Software and Consulting Services Inc.","product":"Ontime","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"04052026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:25:25.847593Z","id":"CVE-2026-5730","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0503","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-5799","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-07T08:16:25.677","lastModified":"2026-07-07T14:16:34.440","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers.\n\nThis issue affects Ontime: through 04052026."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Idvlabs Software and Consulting Services Inc.","product":"Ontime","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"04052026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:26:31.856904Z","id":"CVE-2026-5799","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0503","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-7380","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-07T08:16:25.793","lastModified":"2026-07-07T14:16:34.677","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows XSS Targeting HTML Attributes.\n\nThis issue affects Access Control System (GKS): before Version 2."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Armiya Information Technologies Ltd. Co.","product":"Access Control System (GKS)","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"Version 2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:24:56.062764Z","id":"CVE-2026-7380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0502","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-8306","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-07T08:16:25.910","lastModified":"2026-07-07T14:16:34.773","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Stored XSS.\n\nThis issue affects Access Control System (GKS): before Version 2."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Armiya Information Technologies Ltd. Co.","product":"Access Control System (GKS)","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"Version 2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:27:23.786490Z","id":"CVE-2026-8306","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0502","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-8309","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-07T08:16:26.023","lastModified":"2026-07-07T14:16:34.870","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Reflected XSS.\n\nThis issue affects Access Control System (GKS): before Version 2."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Armiya Information Technologies Ltd. Co.","product":"Access Control System (GKS)","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"Version 2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:28:35.947494Z","id":"CVE-2026-8309","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0502","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-8377","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-07T08:16:26.127","lastModified":"2026-07-07T14:16:34.963","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.\n\nThis issue affects Access Control System (GKS): before Version 2."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Armiya Information Technologies Ltd. Co.","product":"Access Control System (GKS)","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"Version 2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:29:03.658771Z","id":"CVE-2026-8377","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0502","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-13199","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-07-07T09:16:29.857","lastModified":"2026-07-07T14:16:28.447","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources."}],"affected":[{"source":"prodsec@nozominetworks.com","affectedData":[{"vendor":"Raspberry Pi","product":"Raspberry Pi 5 and Compute Module 5","defaultStatus":"unaffected","packageName":"rpi-eeprom","modules":["EEPROM firmware"],"platforms":["Linux"],"packageURL":"pkg:deb/debian/rpi-eeprom","versions":[{"version":"0","lessThan":"28.22-1","versionType":"apt","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:21:12.730043Z","id":"CVE-2026-13199","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-331"}]}],"references":[{"url":"https://github.com/raspberrypi/rpi-eeprom/pull/841","source":"prodsec@nozominetworks.com"},{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-13199","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2026-14474","sourceIdentifier":"secalert@redhat.com","published":"2026-07-07T10:16:39.870","lastModified":"2026-07-07T14:16:28.947","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sssd","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sssd","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sssd","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sssd","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sssd","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:41:44.076680Z","id":"CVE-2026-14474","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-14474","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496556","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-14476","sourceIdentifier":"secalert@redhat.com","published":"2026-07-07T10:16:39.993","lastModified":"2026-07-07T15:16:42.940","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sssd","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sssd","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sssd","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sssd","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sssd","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:34:29.054689Z","id":"CVE-2026-14476","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-14476","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496581","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-11340","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-07T11:16:32.247","lastModified":"2026-07-07T13:19:36.010","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Liman MYS: before release.Master.1107."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"HAVELSAN Inc.","product":"Liman MYS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"release.master.1107","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T12:04:46.256043Z","id":"CVE-2026-11340","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2011-10043","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-07T12:16:24.880","lastModified":"2026-07-07T17:16:31.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.\n\nModule names starting with \"::\" could be passed to the load function to specify arbitrary module paths.\n\nAttackers able to influence module names passed to load could use that bug to execute arbitrary code."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"BINGOS","product":"Module::Load","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Module-Load","programFiles":["lib/Module/Load.pm"],"programRoutines":[{"name":"Module::Load::_to_file"}],"repo":"https://github.com/jib/module-load","versions":[{"version":"0","lessThan":"0.22","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:04:25.108284Z","id":"CVE-2011-10043","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-145"}]}],"references":[{"url":"https://blogs.perl.org/users/michael_g_schwern/2011/10/how-not-to-load-a-module-or-bad-interfaces-make-good-people-do-bad-things.html","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/BINGOS/Module-Load-0.22/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/BINGOS/Module-Load-0.22/diff/BINGOS/Module-Load-0.20/lib/Module/Load.pm","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}},{"cve":{"id":"CVE-2026-11348","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-07T12:16:28.617","lastModified":"2026-07-07T14:16:27.720","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data.\n\nThis issue affects Liman MYS: before release.Master.1107."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"HAVELSAN Inc.","product":"Liman MYS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"release.master.1107","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:22:39.464228Z","id":"CVE-2026-11348","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-13696","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-07T12:16:32.730","lastModified":"2026-07-07T14:16:28.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.\n\nThis issue affects Liman MYS: before release.Master.1107."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"HAVELSAN Inc.","product":"Liman MYS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"release.master.1107","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:23:27.581114Z","id":"CVE-2026-13696","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-90"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-6101","sourceIdentifier":"security@wordfence.com","published":"2026-07-07T14:16:34.543","lastModified":"2026-07-07T15:16:49.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories and files. This makes it possible for authenticated attackers, with Author-level access and above, and permissions granted by an Administrator, to write arbitrary files to the server in a web-accessible location, potentially leading to remote code execution on hosts that execute PHP files in the uploads directory."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"mohammed_kaludi","product":"AMP for WP – Accelerated Mobile Pages","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T14:12:15.826434Z","id":"CVE-2026-6101","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/accelerated-moblie-pages.php#L1616","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/admin-config.php#L1700","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/redux-core/core/panel.php#L175","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/redux-core/framework.php#L2832","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/accelerated-moblie-pages.php#L1616","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/admin-config.php#L1700","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/redux-core/core/panel.php#L175","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/redux-core/framework.php#L2832","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3512870/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b594d0e9-d805-48b9-bfd4-4cc77dd3a70e?source=cve","source":"security@wordfence.com"}]}}]}