{"resultsPerPage":137,"startIndex":0,"totalResults":137,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-12T02:46:02.717","vulnerabilities":[{"cve":{"id":"CVE-2025-8889","sourceIdentifier":"contact@wpscan.com","published":"2025-09-09T06:15:32.370","lastModified":"2026-07-10T15:38:30.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)"}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Compress & Upload","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.0.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-09-09T19:36:31.528158Z","id":"CVE-2025-8889","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eliehanna:compress_\\&_upload:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.0.5","matchCriteriaId":"CCB3E97E-8BC2-4CAD-9FC3-C7ED65E54489"}]}]}],"references":[{"url":"https://wpscan.com/vulnerability/5d84a577-62aa-4aa2-ac39-b146eae65243/","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-37094","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-02-03T22:16:25.673","lastModified":"2026-07-10T15:16:35.133","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token reuse vulnerability that allows authenticated attackers to bypass two-factor authentication by exploiting token-to-password-hash mapping in application/Espo/Core/Utils/Authentication/Espo.php. Attackers can obtain an authentication token for a controlled account and replay it against any victim account sharing the same password, since tokens are bound to password hashes rather than unique per-user values, bypassing the victim's 2FA protections."},{"lang":"es","value":"EspoCRM 5.8.5 contiene una vulnerabilidad de autenticación que permite a los atacantes acceder a otras cuentas de usuario manipulando los encabezados de autorización. Los atacantes pueden decodificar y modificar los tokens Basic Authorization y Espo-Authorization para obtener acceso no autorizado a información y privilegios de usuarios administrativos."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"EspoCRM","product":"EspoCRM","defaultStatus":"unaffected","repo":"https://github.com/espocrm/espocrm","versions":[{"version":"5.7.0","lessThan":"5.9.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-04T19:36:20.554721Z","id":"CVE-2020-37094","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-303"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*","versionEndIncluding":"5.8.5","matchCriteriaId":"534BF0F6-C81A-445E-ACAA-2E5B08832ABF"}]}]}],"references":[{"url":"https://github.com/espocrm/espocrm/commit/b299220dd0c7acdaa1ed8be8ffd79c7985093c7a","source":"disclosure@vulncheck.com"},{"url":"https://www.espocrm.com","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.exploit-db.com/exploits/48376","source":"disclosure@vulncheck.com","tags":["Exploit","VDB Entry"]},{"url":"https://www.vulncheck.com/advisories/espocrm-two-factor-auth-bypass-via-auth-token-reuse-between-accounts-with-identical-passwords","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-11332","sourceIdentifier":"secalert@redhat.com","published":"2026-06-05T09:16:26.070","lastModified":"2026-07-10T16:16:23.310","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mta/mta-rhel9-operator","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Migration Toolkit for Virtualization","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"migration-toolkit-virtualization/mtv-rhel9-operator","cpes":["cpe:/a:redhat:migration_toolkit_virtualization:2"]},{"vendor":"Red Hat","product":"Migration Toolkit for Virtualization","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mtv-candidate/mtv-rhel9-operator","cpes":["cpe:/a:redhat:migration_toolkit_virtualization:2"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/kiali-rhel9-operator","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/volsync-operator-bundle","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/volsync-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-24/lightspeed-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-25/lightspeed-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/controller-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/de-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/de-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/eda-controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/eda-controller-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/ee-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/ee-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/gateway-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/hub-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/hub-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/lightspeed-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/lightspeed-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/platform-resource-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/platform-resource-runner-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/aap-cloud-billing-operator-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/controller-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/de-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/de-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/eda-controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/eda-controller-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/ee-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/ee-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/gateway-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/hub-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/hub-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/lightspeed-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/lightspeed-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/metrics-service-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/platform-resource-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/platform-resource-runner-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/ansible-devspaces-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/metrics-service-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-core","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform Ansible Core 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/ee-minimal-rhel8","cpes":["cpe:/a:redhat:ansible_core:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform Ansible Core 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/ee-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_core:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform Ansible Core 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/ee-minimal-rhel8","cpes":["cpe:/a:redhat:ansible_core:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform Ansible Core 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/ee-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_core:2"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-core","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-core","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-core","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-ansible-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-core","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/bootc-automation-portal-rhel9","cpes":["cpe:/a:redhat:ansible_portal:2"]},{"vendor":"Red Hat","product":"Service Telemetry Framework 1.5","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"stf/service-telemetry-rhel9-operator","cpes":["cpe:/a:redhat:stf:1.5"]},{"vendor":"Red Hat","product":"Service Telemetry Framework 1.5","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"stf/smart-gateway-rhel9-operator","cpes":["cpe:/a:redhat:stf:1.5"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-05T15:43:53.403669Z","id":"CVE-2026-11332","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-11332","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485379","source":"secalert@redhat.com"},{"url":"https://github.com/ansible/ansible","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-11332","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485379","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-11332.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-0274","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-10T22:16:55.187","lastModified":"2026-07-10T16:49:09.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cortex XSIAM CommvaultSecurityIQ Marketplace","defaultStatus":"unaffected","versions":[{"version":"1.1.0","lessThan":"1.2.0","versionType":"custom","status":"affected","changes":[{"at":"1.2.0","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cortex XSOAR CommvaultSecurityIQ Marketplace","defaultStatus":"unaffected","versions":[{"version":"1.1.0","lessThan":"1.2.0","versionType":"custom","status":"affected","changes":[{"at":"1.2.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T00:00:00+00:00","id":"CVE-2026-0274","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1390"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xsiam_commvaultsecurityiq_marketplace:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"DD151BA7-879B-4F39-BFAF-9046253FE182"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xsoar_commvaultsecurityiq_marketplace:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"2D8C3692-1612-455C-AF1F-6A697BF07622"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0274","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-11769","sourceIdentifier":"security@grafana.com","published":"2026-06-13T06:16:14.380","lastModified":"2026-07-10T16:16:23.677","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator.\n\n\n### Summary\n\nThe Grafana Operator supports loading dashboards & library panels using the jsonnet data templating language. The jsonnet expression is evaluated in the context of the operator manager pod.\n\n\n### Impact\n\nIt is possible for a malicious user who can create Dashboard or LibraryPanel resources for a Grafana instance to obtain the Kubernetes service account token of the Grafana Operator manager.\n\n### Affected versions\n\nAll Grafana Operator versions <= 5.23\n\n### Solutions and mitigations\n\nAll installations should be upgraded as soon as possible.\n\nAs a workaround, the following ValidatingAdmissionPolicy prevent the creation or modification of jsonnet based resources:\n\napiVersion: admissionregistration.k8s.io/v1\nkind: ValidatingAdmissionPolicy\nmetadata:\n  name: \"prevent-jsonnet-dashboards\"\nspec:\n  failurePolicy: Fail\n  matchConstraints:\n    resourceRules:\n      - apiGroups: [\"grafana.integreatly.org\"]\n        apiVersions: [\"v1beta1\"]\n        operations: [\"CREATE\", \"UPDATE\"]\n        resources: [\"grafanadashboards\", \"grafanalibrarypanels\"]\n  validations:\n    - expression: \"!has(object.spec.jsonnetLib)\"\n---\napiVersion: admissionregistration.k8s.io/v1\nkind: ValidatingAdmissionPolicyBinding\nmetadata:\n  name: \"prevent-jsonnet-dashboards-clusterwide\"\nspec:\n  policyName: \"prevent-jsonnet-dashboards\"\n  validationActions: [Deny]\n\n\n\n### Acknowledgement\n\nWe would like to thank Artem Cherezov for responsibly disclosing the vulnerability."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana Operator","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.23.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T17:24:16.248300Z","id":"CVE-2026-11769","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana_operator:*:*:*:*:*:*:*:*","versionEndExcluding":"5.24.0","matchCriteriaId":"A03C27FE-3E61-4442-9AC7-C9A7B0E30825"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-11769","source":"security@grafana.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10601","sourceIdentifier":"security@grafana.com","published":"2026-06-22T14:16:25.167","lastModified":"2026-07-10T16:16:22.733","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:44:03.006985Z","id":"CVE-2026-10601","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.0:-:*:*:-:*:*:*","matchCriteriaId":"1C499469-E087-433D-809A-92F454E0D917"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-10601","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-42129","sourceIdentifier":"security@grafana.com","published":"2026-06-22T14:17:36.340","lastModified":"2026-07-10T16:16:31.113","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:44:32.401117Z","id":"CVE-2026-42129","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:loki_datasource:-:*:*:*:*:*:*:*","matchCriteriaId":"AC9FBA76-8620-4AE4-85A3-AB43E19A6331"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-42129","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-9029","sourceIdentifier":"security@grafana.com","published":"2026-06-22T14:17:55.800","lastModified":"2026-07-10T16:16:39.617","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard (stored cross-site scripting)."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T03:55:45.644989Z","id":"CVE-2026-9029","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.0:*:*:*:-:*:*:*","matchCriteriaId":"BBF9171C-F062-4FA4-8513-2D540FA072C9"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-9029","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-42127","sourceIdentifier":"security@grafana.com","published":"2026-06-22T18:16:37.430","lastModified":"2026-07-10T16:16:30.967","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access token or authentication is required to exploit this vulnerability."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana Enterprise","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:28:16.184877Z","id":"CVE-2026-42127","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"11.6.14","matchCriteriaId":"BCCF12AE-CA32-42A8-9837-4EF45704D150"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.2.0","versionEndIncluding":"12.2.8","matchCriteriaId":"E60EEF4D-DD52-4DB1-9E58-59B7EE4D1D9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.3.0","versionEndIncluding":"12.3.6","matchCriteriaId":"F0AF4DB6-120E-44EE-BF4D-E41FCBE88A77"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.4.0","versionEndIncluding":"12.4.3","matchCriteriaId":"8F22EAA5-D510-4261-9A3F-6AC315378F23"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.0.0","versionEndIncluding":"13.0.1","matchCriteriaId":"16FCDFDF-CD01-4A1C-B6DB-9C4B116374FB"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-42127","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-57589","sourceIdentifier":"cve@mitre.org","published":"2026-06-25T01:16:26.537","lastModified":"2026-07-10T16:39:52.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget()."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenBSD","product":"OpenBSD","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-57589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*","versionEndIncluding":"7.9","matchCriteriaId":"2A4C65E8-9C59-4F6F-A5E1-74401542604D"}]}]}],"references":[{"url":"https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://openai.com/index/patch-the-planet/","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-24815","sourceIdentifier":"b48c3b8f-639e-4c16-8725-497bc411dad0","published":"2026-06-30T10:16:32.473","lastModified":"2026-07-10T17:07:58.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system."}],"affected":[{"source":"b48c3b8f-639e-4c16-8725-497bc411dad0","affectedData":[{"vendor":"Nokia","product":"MantaRay NM","versions":[{"version":"<25R2-NM","status":"affected"},{"version":"≥25R2-NM","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:28:43.371983Z","id":"CVE-2025-24815","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*","versionEndExcluding":"25R2-NM","matchCriteriaId":"8B6443BC-E253-42E1-83CD-E681CBE3F6BE"}]}]}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24815/","source":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-24816","sourceIdentifier":"b48c3b8f-639e-4c16-8725-497bc411dad0","published":"2026-06-30T10:16:33.617","lastModified":"2026-07-10T17:08:40.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges."}],"affected":[{"source":"b48c3b8f-639e-4c16-8725-497bc411dad0","affectedData":[{"vendor":"Nokia","product":"MantaRay NM","versions":[{"version":"<25R2-NM","status":"affected"},{"version":"≥25R2-NM","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:30:08.532062Z","id":"CVE-2025-24816","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*","versionEndExcluding":"25R2-NM","matchCriteriaId":"8B6443BC-E253-42E1-83CD-E681CBE3F6BE"}]}]}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24816/","source":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-7406","sourceIdentifier":"b48c3b8f-639e-4c16-8725-497bc411dad0","published":"2026-06-30T10:16:33.720","lastModified":"2026-07-10T17:17:29.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts."}],"affected":[{"source":"b48c3b8f-639e-4c16-8725-497bc411dad0","affectedData":[{"vendor":"Nokia","product":"MantaRay NM","versions":[{"version":"<NM 25R1-NM","status":"affected"},{"version":"≥NM 25R1-NM","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:31:19.958711Z","id":"CVE-2025-7406","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*","versionEndExcluding":"25R2-NM","matchCriteriaId":"8B6443BC-E253-42E1-83CD-E681CBE3F6BE"}]}]}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-7406/","source":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-38969","sourceIdentifier":"cve@mitre.org","published":"2026-07-02T21:16:56.050","lastModified":"2026-07-10T15:16:39.710","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that \"The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve production web applications that may be subject to hostile input. It is not a production web server and is not intended to receive traffic from untrusted sources. Request smuggling is only reachable when WEBrick sits behind a proxy and receives hostile traffic in a production deployment, which is the configuration the project documents as discouraged.\""}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T14:45:28.645063Z","id":"CVE-2026-38969","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://github.com/ruby/webrick/blob/master/README.md","source":"cve@mitre.org"},{"url":"https://github.com/ruby/webrick/issues/198","source":"cve@mitre.org"},{"url":"https://github.com/ruby/webrick/pull/199","source":"cve@mitre.org"},{"url":"https://github.com/ruby/webrick/issues/198","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-14534","sourceIdentifier":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","published":"2026-07-04T14:16:28.400","lastModified":"2026-07-10T15:10:15.827","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE with zero findings for pickle payloads that invoke dangerous functions including _posixsubprocess.fork_exec (C-level process spawner capable of executing arbitrary binaries), site.execsitecustomize (executes arbitrary site customization code), and atexit._run_exitfuncs (triggers all registered exit handler callbacks). The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate; a LIKELY_SAFE verdict causes the payload to be deserialized and executed. This shares the same root cause as CVE-2026-22607 (cProfile), CVE-2025-67748 (pty), and CVE-2025-67747 (marshal/types). OvertlyBadEvals does not flag these modules because they are standard library imports. UnsafeImports does not flag them because they are not in the denylist. The UnusedVariables heuristic is defeated by the SETITEMS opcode pattern."}],"affected":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","affectedData":[{"vendor":"trailofbits","product":"fickling","defaultStatus":"unaffected","collectionURL":"https://pypi.org/project/fickling/","packageName":"fickling","versions":[{"version":"0","lessThanOrEqual":"0.1.10","versionType":"custom","status":"affected"},{"version":"0.1.11","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T14:59:25.631510Z","id":"CVE-2026-14534","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","type":"Secondary","description":[{"lang":"en","value":"CWE-184"},{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trailofbits:fickling:*:*:*:*:*:python:*:*","versionEndIncluding":"0.1.10","matchCriteriaId":"7D2B4444-58DC-4227-BBD7-D68FB61FA761"}]}]}],"references":[{"url":"https://github.com/trailofbits/fickling/commit/e8408615b63adf034f891f653692ab9b51f0f5af","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Patch"]},{"url":"https://github.com/trailofbits/fickling/pull/272","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/trailofbits/fickling/releases/tag/v0.1.11","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Release Notes"]},{"url":"https://github.com/trailofbits/fickling/security/advisories/GHSA-m6fh-58r7-x697","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/trailofbits/fickling/security/advisories/GHSA-m6fh-58r7-x697","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58380","sourceIdentifier":"secalert@redhat.com","published":"2026-07-06T15:16:40.020","lastModified":"2026-07-10T17:26:18.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8/gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:41:04.583701Z","id":"CVE-2026-58380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"6F076B19-3582-4EC8-9625-D2E716652890"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-58380","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496135","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/83699817","source":"secalert@redhat.com","tags":["Broken Link"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/16206","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59089","sourceIdentifier":"secalert@redhat.com","published":"2026-07-06T20:16:38.433","lastModified":"2026-07-10T16:09:55.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:48:49.016983Z","id":"CVE-2026-59089","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.6:*:*:*:*:*:*:*","matchCriteriaId":"1120719E-8A10-4680-816A-7971F135460B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-59089","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496583","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58384","sourceIdentifier":"secalert@redhat.com","published":"2026-07-07T09:16:30.003","lastModified":"2026-07-10T15:21:56.313","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8/gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:30:05.659315Z","id":"CVE-2026-58384","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"6F076B19-3582-4EC8-9625-D2E716652890"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-58384","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2497431","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/da29e217","source":"secalert@redhat.com","tags":["Broken Link"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/16216","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-28378","sourceIdentifier":"security@grafana.com","published":"2026-07-07T22:16:50.607","lastModified":"2026-07-10T16:05:56.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana Enterprise","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.13","versionType":"semver","status":"affected"},{"version":"12.1.0","lessThanOrEqual":"12.1.9","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.7","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.5","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.1","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.13","versionType":"semver","status":"affected"},{"version":"12.1.0","lessThanOrEqual":"12.1.9","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.7","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.5","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:50:28.034051Z","id":"CVE-2026-28378","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"11.6.0","versionEndIncluding":"11.6.13","matchCriteriaId":"9D59F356-7EE6-4323-B32B-6AA9895E4DF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"11.6.0","versionEndIncluding":"11.6.13","matchCriteriaId":"819B8356-78D3-481E-90E0-E06904E3597F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.9","matchCriteriaId":"BBDE0CB0-B614-4E8C-BCCE-1F355A2FE0E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.9","matchCriteriaId":"10C4CCFE-8186-4F2F-91E3-A7B678FC8B66"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.2.0","versionEndIncluding":"12.2.7","matchCriteriaId":"4A56F8B6-4BFF-4DBB-B645-2FF0BEDCA1FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.2.0","versionEndIncluding":"12.2.7","matchCriteriaId":"C8C2D5FB-AC31-4886-B455-009659BE58DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.3.0","versionEndIncluding":"12.3.5","matchCriteriaId":"CC445C84-CC5B-4723-86A6-88E966EBCDAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.3.0","versionEndIncluding":"12.3.5","matchCriteriaId":"CC523DB0-CC71-43F3-A842-5582CD1B3D90"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.0:*:*:*:-:*:*:*","matchCriteriaId":"BBF9171C-F062-4FA4-8513-2D540FA072C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"34DE1833-C0AD-48FD-AD0A-E58121F62683"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-28378","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-14454","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-08T13:16:30.053","lastModified":"2026-07-10T15:31:22.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.\n\nImager mishandled large EXIF IFD entry count values, treating them as negative numbers.  This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.\n\nAn attacker could craft an image with EXIF data that terminates a worker process."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"TONYC","product":"Imager","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Imager","programFiles":["imexif.c"],"programRoutines":[{"name":"tiff_load_ifd"}],"repo":"https://github.com/tonycoz/imager","versions":[{"version":"0","lessThan":"1.033","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:50:57.514385Z","id":"CVE-2026-14454","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-196"},{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tonycoz:imager:*:*:*:*:*:perl:*:*","versionEndExcluding":"1.033","matchCriteriaId":"7A93C7AC-6CF1-4A7F-A3CC-F4EA72208710"}]}]}],"references":[{"url":"https://github.com/tonycoz/imager/commit/06f01a5d0fd591259aeba589370d6888384a6b6d.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://metacpan.org/release/TONYC/Imager-1.033/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-22927","sourceIdentifier":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","published":"2026-07-08T14:16:57.060","lastModified":"2026-07-10T15:27:32.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Omnissa Workspace ONE® Tunnel for Windows addresses a   Local Privilege Escalation Vulnerability."}],"affected":[{"source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","affectedData":[{"vendor":"Omnissa","product":"Omnissa Workspace ONE® Tunnel for Windows","defaultStatus":"unaffected","versions":[{"version":"Omnissa Workspace ONE® Tunnel for Windows prior to 26.03","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-22927","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:omnissa:workspace_one_tunnel:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03","matchCriteriaId":"2A20A5AE-BB42-4361-BB36-B4016C16827F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.omnissa.com/omnissa-security-response/","source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","tags":["Vendor Advisory"]},{"url":"https://www.omnissa.com/omsa-2026-0002","source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3144","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-08T16:16:28.463","lastModified":"2026-07-10T17:01:12.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"API Connect","defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*"],"versions":[{"version":"12.1.0.0","lessThan":"12.1.0.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-3144","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1392"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0.0","versionEndExcluding":"12.1.1.0","matchCriteriaId":"C2FCDDB6-E3A4-4E7A-9B59-5C1DD585D384"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278909","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9074","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-08T16:16:35.050","lastModified":"2026-07-10T16:59:16.577","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"API Connect","defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:10.0.8.9:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*"],"versions":[{"version":"10.0.8.0","lessThan":"10.0.8.9","versionType":"semver","status":"affected"},{"version":"12.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-9074","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.8.0","versionEndExcluding":"10.0.8.10","matchCriteriaId":"5F7752F5-8A00-4C79-9B5B-B674AD2F1E25"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0.0","versionEndExcluding":"12.1.1.0","matchCriteriaId":"C2FCDDB6-E3A4-4E7A-9B59-5C1DD585D384"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278218","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7278909","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-3110","sourceIdentifier":"security@openvpn.net","published":"2026-07-08T17:17:19.650","lastModified":"2026-07-10T17:00:29.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy"}],"affected":[{"source":"security@openvpn.net","affectedData":[{"vendor":"OpenVPN","product":"Access Server","defaultStatus":"unaffected","versions":[{"version":"2.7.2","lessThanOrEqual":"3.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@openvpn.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:29:40.241425Z","id":"CVE-2025-3110","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@openvpn.net","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.2","versionEndIncluding":"3.1.0","matchCriteriaId":"1E78FCC3-BC92-47D0-83BB-309B2F778217"}]}]}],"references":[{"url":"https://openvpn.net/as-docs/as-3-2-release-notes.html","source":"security@openvpn.net","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-15154","sourceIdentifier":"secalert@redhat.com","published":"2026-07-08T20:16:48.430","lastModified":"2026-07-10T15:24:29.933","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-built-in-detector-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T20:38:40.332330Z","id":"CVE-2026-15154","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_ai:-:*:*:*:*:*:*:*","matchCriteriaId":"EBF0A70A-E606-48C8-82C2-4D8760146265"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15154","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498188","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0288","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-07-08T21:16:45.590","lastModified":"2026-07-10T15:45:17.463","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\n\nThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .\n\nPanorama is not impacted by this vulnerability."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","defaultStatus":"affected","platforms":["AWS","Azure"],"versions":[{"version":"All","versionType":"custom","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"PAN-OS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"12.1.0","lessThan":"12.1.8","versionType":"custom","status":"affected","changes":[{"at":"12.1.8","status":"unaffected"},{"at":"12.1.7-h2","status":"unaffected"},{"at":"12.1.4-h8","status":"unaffected"}]},{"version":"11.2.0","lessThan":"11.2.13","versionType":"custom","status":"affected","changes":[{"at":"11.2.13","status":"unaffected"},{"at":"11.2.10-h12","status":"unaffected"},{"at":"11.2.7-h18","status":"unaffected"},{"at":"11.2.4-h20","status":"unaffected"}]},{"version":"11.1.0","lessThan":"11.1.16","versionType":"custom","status":"affected","changes":[{"at":"11.1.16","status":"unaffected"},{"at":"11.1.13-h9","status":"unaffected"},{"at":"11.1.10-h30","status":"unaffected"},{"at":"11.1.7-h8","status":"unaffected"},{"at":"11.1.6-h35","status":"unaffected"},{"at":"11.1.4-h35","status":"unaffected"}]},{"version":"10.2.0","lessThan":"10.2.7-h36","versionType":"custom","status":"affected","changes":[{"at":"10.2.18-h8","status":"unaffected"},{"at":"10.2.16-h9","status":"unaffected"},{"at":"10.2.13-h23","status":"unaffected"},{"at":"10.2.10-h39","status":"unaffected"},{"at":"10.2.7-h36","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","defaultStatus":"unaffected","versions":[{"version":"11.2.0","lessThan":"11.2.7-h18","versionType":"custom","status":"affected","changes":[{"at":"11.2.7-h18","status":"unaffected"}]},{"version":"10.2.0","lessThan":"10.2.10-h39","versionType":"custom","status":"affected","changes":[{"at":"10.2.10-h39","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T03:55:51.922548Z","id":"CVE-2026-0288","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.7","matchCriteriaId":"243077CD-5021-4DF3-8AC7-5B14F7FD9710"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.8","versionEndExcluding":"10.2.10","matchCriteriaId":"F5A3E6A6-EE04-409C-AE6F-FC1ACE4C4666"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.11","versionEndExcluding":"10.2.13","matchCriteriaId":"CD4B8D09-F2B3-4C9A-A583-46DE85D9D43E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.14","versionEndExcluding":"10.2.16","matchCriteriaId":"4386D092-83D6-4914-8C26-3A1EE056FEC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","matchCriteriaId":"A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"EFB63AFC-C3EC-4D1A-BC4A-810662AD16BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"E67DEF1D-8674-41E8-AA07-0499DCCFD67A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"AA4994CB-6591-4B44-A5D7-3CDF540B97DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"71EB32DA-D82F-49DD-B06F-7F10F08F740E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","matchCriteriaId":"BF05E61D-0EC2-4755-8FCF-12E102A4D8FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","matchCriteriaId":"22ED8EDB-5549-4D29-90D2-FFE33D030912"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","matchCriteriaId":"A6AB7874-FE24-42AC-8E3A-822A70722126"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","matchCriteriaId":"61B69220-4155-4462-A133-CE7A54747B83"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","matchCriteriaId":"34B083B9-CC1B-43CD-9A16-C018F7FA2DDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","matchCriteriaId":"0D88CC33-7E32-4E82-8A94-70759E910510"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"FA109AEA-0015-4EAA-BD86-F070FEEA2DF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","matchCriteriaId":"F90EF82F-1CC6-44B4-AFF9-02DF4EE84F81"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*","matchCriteriaId":"FA91A4E9-CE1E-4CB8-B717-4B0E314C0171"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*","matchCriteriaId":"6B4D43CC-1B4E-4380-B4A2-487870EFC5B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*","matchCriteriaId":"DF7382E1-0678-40BC-8964-9D00F6C4C6F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*","matchCriteriaId":"28994519-3519-4E94-8D8B-7C4251A82B8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"776E06EC-2FDA-4664-AB43-9F6BE9B897CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:*","matchCriteriaId":"53981EA8-847F-4FBC-BA55-8EDF591E0FF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h34:*:*:*:*:*:*","matchCriteriaId":"8585BA8F-2AA0-4413-81A1-927FE523598C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h35:*:*:*:*:*:*","matchCriteriaId":"B12B5B2A-0F57-4D81-B6CE-050D1F183B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"20A2E1F0-8303-483F-9199-9FE257B8A228"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","matchCriteriaId":"3AF4AB7F-F9B0-4DC4-BFC5-8FC60CE65A9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","matchCriteriaId":"CBE09375-A863-42FF-813F-C20679D7C45C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"0247BDD2-714F-4FFD-9433-FEC7747B30D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"1311961A-0EF6-488E-B0C2-EDBD508587C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","matchCriteriaId":"C779DF2B-D72A-4327-8AD8-3EA6751741F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","matchCriteriaId":"03C5ABF2-8C53-4376-8A64-6CB34E18E77C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"64F22CCE-6EAF-403B-B522-C11085410C65"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","matchCriteriaId":"FF7FCD8B-80DF-4004-A9D2-4EE884F089A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","matchCriteriaId":"15F5A583-A213-475E-8305-B8087DADCABF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","matchCriteriaId":"83C9637A-B615-4CC2-84AA-BDCFE611484C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","matchCriteriaId":"7EB3881C-B255-41AD-B61F-C14743824A3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*","matchCriteriaId":"224270A7-767D-433B-AD51-C031506747C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*","matchCriteriaId":"A532EFC6-A883-4279-8C05-9CD600B3F963"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*","matchCriteriaId":"F4F20C02-DF90-4609-9254-B765481C83E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"872BC747-512A-4872-AC86-E7F1DC589F47"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*","matchCriteriaId":"E5E36C87-E01D-49DC-AB73-10E5EE27F596"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*","matchCriteriaId":"39437442-B24D-492F-B637-2203492327FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"67F527D0-F85B-4B83-AEA5-BA636FC89210"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*","matchCriteriaId":"984BE1FB-ADB7-4831-AEDD-39DBAED078B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*","matchCriteriaId":"AF2C954D-9763-41E3-A132-F83C82E79BC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h36:*:*:*:*:*:*","matchCriteriaId":"A963ECCF-0B20-4395-A8B0-BFFCD62598C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h37:*:*:*:*:*:*","matchCriteriaId":"F9242B47-DB67-4156-8165-A2198289EAAF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"6CF8F985-7E51-49E6-857A-FAAF027F5611"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"B437DCEA-ABA3-41CA-B320-97EC430F1122"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"223673C1-9327-4C12-BF02-7447D2CAD16C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"593AFE7A-CB37-4156-A2B8-646A317F3176"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*","matchCriteriaId":"C2B871A6-0636-42A0-9573-6F693D7753AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*","matchCriteriaId":"F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:*","matchCriteriaId":"F3F8462A-71C0-4F81-9882-C73BC90697CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h15:*:*:*:*:*:*","matchCriteriaId":"85653992-4FBF-445C-881B-5F2494B597BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:*","matchCriteriaId":"C1B72E68-2D01-483F-BEC5-59C49E96B976"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:*","matchCriteriaId":"E49419C4-9AFE-4B7F-90EF-DB50EBB608D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*","matchCriteriaId":"60CE628F-C4CB-4342-8D71-DE61A089B612"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h21:*:*:*:*:*:*","matchCriteriaId":"7050FB97-DAA8-4A15-A253-23AADE921960"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h22:*:*:*:*:*:*","matchCriteriaId":"5EA595B2-C46B-4953-A306-2DB89E315286"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*","matchCriteriaId":"2447D2B1-A145-4036-B9F2-17648B193465"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*","matchCriteriaId":"C24353AF-DC81-49B9-9132-9EEC8E6009BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:*","matchCriteriaId":"B4420489-AE0F-4A48-B2CE-C165BEBFA6A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:*","matchCriteriaId":"C45D8DF1-9483-4B24-AB94-B1FF4A5F2606"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:*","matchCriteriaId":"BC38A9CD-CDB6-423A-BE8D-2E0E45A3B239"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:*","matchCriteriaId":"41B48ECA-FD05-4EA2-B1C9-771624EAAFF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:*","matchCriteriaId":"4D65D1F0-323E-41AF-962E-1F9741748A76"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:*","matchCriteriaId":"D5D41E00-D517-4B81-A7FC-C8E101884807"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h7:*:*:*:*:*:*","matchCriteriaId":"4607BEE9-193E-43A7-944C-031E956DAB85"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h8:*:*:*:*:*:*","matchCriteriaId":"8DD4A357-D281-49E0-A85E-034947561F67"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:*:*:*:*:*:*:*","matchCriteriaId":"8A30968E-901A-49AE-94B0-C44A5257AADB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:*","matchCriteriaId":"745A3A2A-73CF-4DC2-968B-ACFC66389E11"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h5:*:*:*:*:*:*","matchCriteriaId":"3A1E533E-DE4A-4F2F-A71A-FFF56E757087"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h6:*:*:*:*:*:*","matchCriteriaId":"BED53F8F-F46B-4522-91C1-A9CABD6B0A76"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h7:*:*:*:*:*:*","matchCriteriaId":"CA746F4C-616D-43CC-AF74-C9895149557C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.4","matchCriteriaId":"459485B4-47FF-4A5F-9249-AE0445A0096A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.8","versionEndExcluding":"11.1.10","matchCriteriaId":"45D0EA32-45AE-4411-8E14-43B74715387C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.11","versionEndExcluding":"11.1.13","matchCriteriaId":"D9CE1AA7-46F4-4740-BF21-EE6732134D57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.14","versionEndExcluding":"11.1.16","matchCriteriaId":"7CE88EF0-36D2-44ED-AD30-7870BBAAC77F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","matchCriteriaId":"DF83EAA1-49E1-4AD0-A049-F1B3065950BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","matchCriteriaId":"BE3F7369-9F35-409A-9F47-45A959592DFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*","matchCriteriaId":"6650937C-D778-4B5D-AA28-E7DA96DDAB7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*","matchCriteriaId":"DB835E23-6984-413D-A870-8734E626D219"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*","matchCriteriaId":"FD247097-EEC7-48E7-9C14-3314900BD5F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*","matchCriteriaId":"FD701663-4C57-4115-BD59-9DFFB504E2AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*","matchCriteriaId":"82816C09-6A9D-4AB2-AA55-62CC714CCA82"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:*","matchCriteriaId":"A5A3CEBF-9F8A-47F9-A302-7C395F2A8146"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:*","matchCriteriaId":"A79B51D2-74E8-4BA3-AE33-829A9C1776E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"83A04AA3-4B6C-4B75-9797-74FA230FD299"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:*","matchCriteriaId":"E08297B1-95E9-4730-B59D-252B958C4199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:*","matchCriteriaId":"B56B153E-8693-4257-9E33-38904A949ED8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"AECB34F6-76F3-46E4-8F08-8570247AC281"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:*","matchCriteriaId":"A220ED95-5E1A-45AA-85BD-8A58CFC6C697"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h33:*:*:*:*:*:*","matchCriteriaId":"70C9CB1D-2512-48E7-B8B2-6F6A4A23E0A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h34:*:*:*:*:*:*","matchCriteriaId":"003AE721-D537-442E-8F34-291877B792F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","matchCriteriaId":"E9DB4DA9-2262-4E9E-B3A1-49D261D01295"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"552C1E17-E4A7-462C-97E4-AF14C00B89FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","matchCriteriaId":"1EB942A4-026C-494D-A1DD-96259354CB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","matchCriteriaId":"4852E738-990C-4DD2-8252-D4625D843A99"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","matchCriteriaId":"010E5816-BB0D-438B-A280-AF35B435DCFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*","matchCriteriaId":"CB2C59F8-2583-4510-90F8-500F8329AFFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","matchCriteriaId":"7C31ACD7-46AB-4092-89F3-7B4C9B642199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","matchCriteriaId":"52C50A07-F4D8-4F1F-BA61-3429BB1721BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*","matchCriteriaId":"9D12FF27-C186-467C-8627-1284EBC67243"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:*","matchCriteriaId":"AF4AA997-35BC-4BC1-9EF2-644503B2D806"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:*","matchCriteriaId":"12EF4DDF-9773-4B02-8FF4-F94A1D49E6AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:*","matchCriteriaId":"8FAE17BB-7938-41D0-8D62-46F829C647BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h18:*:*:*:*:*:*","matchCriteriaId":"2682D64E-79A4-4522-8742-7EF1637764AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:*","matchCriteriaId":"6DA5A0AD-C4FB-4210-8651-F94F2875A0EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*","matchCriteriaId":"45D633D7-A4B5-4D68-9BAB-D9BA25877F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:*","matchCriteriaId":"B79DB477-A907-4300-A651-16F93880B049"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:*","matchCriteriaId":"AF74D8FA-677F-484D-9338-A1761614FFD6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:*","matchCriteriaId":"F9FC5118-4056-4E22-A1F0-D6FFA2B88472"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:*","matchCriteriaId":"5E7A808F-F52F-4786-950C-591CCADB2EE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:*","matchCriteriaId":"0CA82012-AA59-44C1-BB9D-0B28764D507E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:*","matchCriteriaId":"27233F80-A620-42D3-927D-4FCDE6345456"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*","matchCriteriaId":"63729FA6-ED2A-4593-9436-232F282A0A78"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h32:*:*:*:*:*:*","matchCriteriaId":"33BF6023-0112-49BB-B378-6F4022B6A028"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h33:*:*:*:*:*:*","matchCriteriaId":"00F43B36-8EB6-4703-8C1E-A836B06767FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h34:*:*:*:*:*:*","matchCriteriaId":"6F6C4DE2-32FC-42C4-87E6-FCAD39322740"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*","matchCriteriaId":"F39792EF-61B5-4874-9FD0-7544F8C5C0D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:*","matchCriteriaId":"4A06B6F4-DCAE-4115-93D4-25D0A37AAB9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:*","matchCriteriaId":"91529C45-FA55-4844-A153-682F729F440D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:*","matchCriteriaId":"A92886DF-C989-47AD-8F68-8F468BBC6E57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:*","matchCriteriaId":"9893920B-A00E-4890-A897-EE1CF0751BA0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:*","matchCriteriaId":"D1289923-12D8-4FDD-B18B-C52516F14922"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:*","matchCriteriaId":"AFC923D7-672D-4556-8344-BBD285324067"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:*","matchCriteriaId":"E1510DE9-04A3-4E08-872D-C0F6041BCFCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h25:*:*:*:*:*:*","matchCriteriaId":"2FA04925-5B8A-439E-AECD-1BDFD83F69C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h26:*:*:*:*:*:*","matchCriteriaId":"424C66D4-97F6-408A-B3AE-FE1A90E3ACE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h27:*:*:*:*:*:*","matchCriteriaId":"8AC1F50E-E6C2-4008-9955-7473DB169171"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h28:*:*:*:*:*:*","matchCriteriaId":"6748CF45-9C54-4BB8-936D-C96F0FCA71BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:*","matchCriteriaId":"31CD3B15-2CE0-404A-9542-9C39B8E71027"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:*","matchCriteriaId":"0194DA0B-041A-4810-8BFB-2308290517B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:*","matchCriteriaId":"69E64D86-034F-4BC7-9A4E-2703D834EBC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:*","matchCriteriaId":"B992628F-1114-4FC8-9364-800ACE997044"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:*","matchCriteriaId":"9223B0D4-6194-4684-8EF4-84A0EF511D8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:*","matchCriteriaId":"CB16C018-2B70-4F4D-9025-69FF82CD40F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:*","matchCriteriaId":"1259B519-130D-4584-86AA-E4EA1E89ACB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:*","matchCriteriaId":"0DCA6D54-E623-4985-B35F-AC98299828EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h5:*:*:*:*:*:*","matchCriteriaId":"8EF755C9-3BCE-4194-A74E-7D12F524929A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h6:*:*:*:*:*:*","matchCriteriaId":"7736DCE5-2943-4EF6-B9D3-B69CB59DB078"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h7:*:*:*:*:*:*","matchCriteriaId":"D9BA69E2-F499-422B-B07B-5211EF79EBEB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h8:*:*:*:*:*:*","matchCriteriaId":"56E49A3E-D380-4243-B587-3E1519C0A40F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.4","matchCriteriaId":"7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.5","versionEndExcluding":"11.2.7","matchCriteriaId":"A52983E4-71BF-46D7-8A4A-D199F7DCAA36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.8","versionEndExcluding":"11.2.10","matchCriteriaId":"85010E8F-E824-4C69-9B59-58DB01789ECB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.11","versionEndExcluding":"11.2.13","matchCriteriaId":"EF47F7BA-3C75-4BE4-A82A-17F4D6880507"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","matchCriteriaId":"C01AD190-F3C2-4349-A063-8C5C78B725B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*","matchCriteriaId":"30F4CD1C-6862-4279-8D2D-40B4D164222F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:*","matchCriteriaId":"8137F3AF-BA32-41BC-AD2E-A668FFA33892"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:*","matchCriteriaId":"8C977AF0-D2B0-401A-A7C5-A1C71AC3C072"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:*","matchCriteriaId":"B9C0A53F-2AFE-4B0D-AEC1-464E6001E02F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:*","matchCriteriaId":"D720448D-F40B-4C92-9101-A48AC36C9CBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:*","matchCriteriaId":"5F12F7AC-D5B3-499E-87DA-27427D8BFFC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h17:*:*:*:*:*:*","matchCriteriaId":"37F41E72-9690-4BB2-BD60-0B06A7DE2329"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h18:*:*:*:*:*:*","matchCriteriaId":"34E9893A-7ADF-4556-AA7C-D69162307950"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*","matchCriteriaId":"A52B7A7A-483A-4075-B1E9-5C14B66F7FC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*","matchCriteriaId":"6E46608E-682E-47B8-B810-8714571286C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:*","matchCriteriaId":"76949F0F-2ADC-492F-83F0-0A1B0E861F97"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:*","matchCriteriaId":"C1DD83BC-4E8E-4C1D-80C7-A6209B4E70CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:*","matchCriteriaId":"73888909-64C5-41BC-BAE0-BD9BDEEAF723"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:*","matchCriteriaId":"E7861D82-815D-4894-9E11-1B6B1E66CDEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:*","matchCriteriaId":"D269E33D-9A79-40CC-B79A-C9A398AB7AFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:*","matchCriteriaId":"9762E441-856F-466F-812C-798CA2EEF965"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*","matchCriteriaId":"0A25C9D9-BC83-49AE-BEE7-EF05F8336B01"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"A93C2B58-EC78-4C3D-89FF-35D9C489E39F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"A32E35C0-913E-4348-8AD4-E1F169C40C92"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"39112398-2A93-4E26-A7DF-0E3FA81C5130"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"C88442D1-599F-411D-B7A2-E17AA839F177"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"B3B538CC-6EA0-4555-B828-18A55997F454"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h14:*:*:*:*:*:*","matchCriteriaId":"A50BD9F2-F961-4ACE-9FDB-456E92692AE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h15:*:*:*:*:*:*","matchCriteriaId":"DF22EEA1-B00E-4A5F-87FB-60AD7A5A762B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h16:*:*:*:*:*:*","matchCriteriaId":"825D883D-FB41-4E92-A6B5-EB34BFE36A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h17:*:*:*:*:*:*","matchCriteriaId":"2F4B0A4F-18B6-40F7-8445-9B51CF3E9AA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"D12C3EB6-842E-4378-896C-FDBB2BC75D10"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"86B41903-FF08-454D-B626-184CB73B122E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"396DC378-7716-40F6-88A4-99299A16CAF1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"5E5C6E3A-262C-4212-B21C-00E8079AA8CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"4C855108-D3C9-4DE3-B9F4-9735A0A439AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:*","matchCriteriaId":"051673AB-50BF-4DD0-8679-F5825520241A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"BAC15D8A-83CA-413F-BA2B-17EC2B169F6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h10:*:*:*:*:*:*","matchCriteriaId":"FEAE5273-8618-4DDF-810E-37BF0EDE970B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"70B3EB0C-87F1-46C2-B95C-C5808E473BD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"073BF631-451B-4DFC-B23C-F0F68C2450F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"13AA1BEF-F2F6-4534-89F3-DF4E79217978"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"CBFDE611-4981-4D92-ABAF-858DF132535F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"AAEA66F4-81AC-49C3-81B1-65EF5F16951A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"09187411-13D4-4F5C-AF42-0716F3C96129"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h8:*:*:*:*:*:*","matchCriteriaId":"019D37D8-94E4-4228-BCE3-A08E842AE1D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h9:*:*:*:*:*:*","matchCriteriaId":"7FE1FC3F-8682-4AB8-BF98-33783263952E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.2","versionEndExcluding":"12.1.4","matchCriteriaId":"43E1ADA0-0B71-4C1D-B53E-AA063BBCB827"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.5","versionEndExcluding":"12.1.7","matchCriteriaId":"D1EA4C4A-D7DC-4A63-B109-9C9328772E9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:*","matchCriteriaId":"8C1ADE94-3F05-48EE-94E0-FD6EB682705C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"F727C18E-1C8D-448A-954C-073294FBC65C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"7E492BE6-EB2E-4616-85EA-3B389741301B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"E5F85240-989D-4E2D-B2D0-F0F35E0590A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h6:*:*:*:*:*:*","matchCriteriaId":"3D64D659-40F8-4A02-8385-954BE50C22CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h7:*:*:*:*:*:*","matchCriteriaId":"2320DB49-D6E3-44D1-AE4C-F1312CA542CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.7:-:*:*:*:*:*:*","matchCriteriaId":"CFE9B2D8-346B-4FC3-AFC8-3DC715B7C044"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.7:h1:*:*:*:*:*:*","matchCriteriaId":"5D8051BF-DCD1-4AFD-B5C7-97D0AF135C6E"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54773","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T23:16:54.960","lastModified":"2026-07-10T15:16:41.373","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"CoreWCF","product":"CoreWCF","versions":[{"version":">= 1.9.0, < 1.9.1","status":"affected"},{"version":"< 1.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:12.419821Z","id":"CVE-2026-54773","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-jc6x-rj79-w4mx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56458","sourceIdentifier":"psirt@hcl.com","published":"2026-07-09T10:16:26.967","lastModified":"2026-07-10T16:00:03.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"HCL DevOps Deploy","defaultStatus":"unaffected","versions":[{"version":"8.1-8.1.2.6, 8.2-8.2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:34:18.620355Z","id":"CVE-2026-56458","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-942"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.0","versionEndExcluding":"8.1.2.7","matchCriteriaId":"887DBB0F-75F9-4D4E-ABE7-0346291F5F07"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0.0","versionEndExcluding":"8.2.2.0","matchCriteriaId":"B77F76EE-7E45-43CA-B92F-2D3E770E7459"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131695","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56459","sourceIdentifier":"psirt@hcl.com","published":"2026-07-09T10:16:27.093","lastModified":"2026-07-10T15:55:49.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure.  The application stores potentially sensitive information in log files that could be read by a local user."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"HCL DevOps Deploy / HCL Launch","defaultStatus":"unaffected","versions":[{"version":"7.3-7.3.2.18, 8.0-8.0.1.13, 8.1-8.1.2.6, 8.2-8.2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:37:02.972180Z","id":"CVE-2026-56459","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndExcluding":"8.0.1.14","matchCriteriaId":"268184CF-7A79-494C-BAA7-DDD43572A611"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.0","versionEndExcluding":"8.1.2.7","matchCriteriaId":"887DBB0F-75F9-4D4E-ABE7-0346291F5F07"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0.0","versionEndExcluding":"8.2.2.0","matchCriteriaId":"B77F76EE-7E45-43CA-B92F-2D3E770E7459"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0.0","versionEndExcluding":"7.3.2.19","matchCriteriaId":"D3CD5E06-0635-40CE-BD51-1A77EE96EF12"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131696","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59224","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:03.770","lastModified":"2026-07-10T15:22:04.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/open_webui/routers/terminals.py built the ws_terminal upstream URL from an unencoded session_id and appended user_id as a query parameter, allowing query injection to make the terminal backend resolve another user identity; the HTTP proxy path also forwarded X-User-Id as an integrity-unbound identity claim. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T00:00:00+00:00","id":"CVE-2026-59224","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"9DB3F1BC-1DFD-4289-B2DD-E24AA7B98BA1"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/5f3a628a8d291bb5d33e1a0b0c89fb62a2927934","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/26042","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-j657-m4c4-24jq","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-13492","sourceIdentifier":"security@wordfence.com","published":"2026-07-09T19:17:03.883","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWP_Validation::validate_fields() function (which falls through to sanitize_text_field() for fields of type 'file', leaving directory-traversal sequences intact) combined with the UsersWP_Forms::upload_file_remove() AJAX handler building the deletion target from the uploads basedir concatenated with the attacker-controlled metadata value without any realpath canonicalization or uploads-directory boundary check before calling unlink(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the affected site's server, including wp-config."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"stiofansisland","product":"UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2.65","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:47:26.202171Z","id":"CVE-2026-13492","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/AyeCode/userswp/commit/ddb17ad30ff3384cda85c5f372db30b03bd45ac8","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L1059","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L1973","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L2320","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L2323","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-validation.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3590340/userswp","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6cf6390-480f-44e2-ae36-67e3398add33?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-49274","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.490","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the pages field with roles that have the pages.access permission disabled allowed authenticated users to provide an inaccessible parent page or site to the page picker backend and confirm arbitrary page existence and retrieve title field values. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/1ae575da24e1b1cb8803a031d37eff14606d7c55","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/3bad37117adf2013548a784f820ddb2d8317333c","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/3f4398cdcf9f50f84fdac52ad78a7a85fb31589f","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/bffffce6c081f69c46163cc89b1fd18ccf2a18d1","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-23q2-54qv-rq5x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49276","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.670","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link to be included as the target of a link or email link in writer mark components, making the target clickable by the user who entered it and enabling self cross-site scripting in the Panel. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:11:39.964148Z","id":"CVE-2026-49276","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-83"}]}],"references":[{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-rhj6-r49h-5932","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50188","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.827","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request(), Remote::get(), and Remote::post(), to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters in a header value to inject a separate unintended request header to the remote service. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:18:33.304762Z","id":"CVE-2026-50188","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-93"},{"lang":"en","value":"CWE-113"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/aa33414e1669e866cdd6f4decfae2a669e8bb828","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/fad9cbd22c73ed0fbd3aaf62310a8dcacfc007cd","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-4v4h-m2qq-ppgw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54002","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.977","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize(), Sane::sanitize(), Sane::Html::sanitize(), Sane::Svg::sanitize(), Sane::Xml::sanitize(), Sane::sanitizeFile(), or file sanitizeContents() with untrusted input allow malicious markup injected as children of an unknown HTML or XML tag to pass through Dom::sanitize() without being correctly sanitized, causing stored cross-site scripting. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:26:51.396531Z","id":"CVE-2026-54002","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-87"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/0f0437b5128c910103cbc78fc34d94b2a3faef4c","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/7ad76cf9c7387462828e6ebfc8404e31b37829e9","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/9ec1873864441dbc06479ef7823da348ec7f2700","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/bb2562e16c754493a403b8df84c9883108871e4c","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-wr9h-4r83-f4v6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54003","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.120","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the Panel and create the first admin user because local-IP checks trusted those headers incorrectly. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:23:16.615569Z","id":"CVE-2026-54003","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-454"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/1c7fee90e49153cf9ca4a6ec17481d25fbedc48d","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/3423f66c01dbc0455862e23ee699d2aa469f3234","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/66a3a14bf0892d320723ba766cd5f1d33a51d15b","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/ab992dc149610b90e337c2955ab6ccb7f72ffb3a","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/pull/8166","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-whxw-24jc-cwmv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54004","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.270","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview tokens, leading to disclosure of draft file contents. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:47:55.357107Z","id":"CVE-2026-54004","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/5b9a0ed587575e39156d37fa42ca7f6c73e121f7","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/bc721080cd8dd4dcb7fc20b3fd0460ee8d0603b0","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-89cp-7p28-jffg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54005","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.400","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a role has the pages.access permission disabled allowed authenticated users who know or guess page IDs or UUIDs to retrieve page information, including full content and metadata, for arbitrary published pages through the /api/site/find route without authorization to access those pages. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/a16dbd4329293c2c4b9a375d2badcb27c6337004","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/b22d0b64b6478ce6871dc7ec3368d7afaf078688","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-r3w8-2c5r-h9j9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54695","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.540","lastModified":"2026-07-10T15:16:41.020","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid from a Twilio stream-start handshake in src/pipecat/runner/utils.py, and passes it to TwilioFrameSerializer so the server can issue an authenticated Twilio REST API hang-up request with the server operator's credentials; equivalent unauthenticated call-control sinks exist for Telnyx and Plivo. This issue is fixed in version 1.4.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pipecat-ai","product":"pipecat","versions":[{"version":"< 1.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:12:59.390627Z","id":"CVE-2026-54695","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/pipecat-ai/pipecat/commit/3032da53434c5ef01d368654b3551cf21c50dec9","source":"security-advisories@github.com"},{"url":"https://github.com/pipecat-ai/pipecat/commit/88440676996e5e548e1aecea5d565e1c48ccf6fa","source":"security-advisories@github.com"},{"url":"https://github.com/pipecat-ai/pipecat/pull/4660","source":"security-advisories@github.com"},{"url":"https://github.com/pipecat-ai/pipecat/releases/tag/v1.4.0","source":"security-advisories@github.com"},{"url":"https://github.com/pipecat-ai/pipecat/security/advisories/GHSA-j8cv-x86q-rj85","source":"security-advisories@github.com"},{"url":"https://github.com/pipecat-ai/pipecat/security/advisories/GHSA-j8cv-x86q-rj85","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55207","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T21:16:55.890","lastModified":"2026-07-10T15:52:52.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, an unauthenticated attacker who knows a valid admin username can take over any Pimcore admin account by sending a password reset request with an attacker-controlled resetPasswordUrl. The server generates a real cryptographic recovery token, appends it to the supplied URL, and emails the link to the victim; when the victim clicks the link, the token is sent to the attacker and can be used with POST /pimcore-studio/api/login/token to authenticate with full admin privileges while bypassing two-factor authentication. This issue is fixed in versions 2025.4.6 and 2026.1.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":">= 2026.1.0, < 2026.1.6","status":"affected"},{"version":"< 2025.4.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:34:00.598927Z","id":"CVE-2026-55207","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-h854-c3m3-mh5v","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/commit/ea9d329686f5e5aea2eec378d63ac2deb965bb27","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/pull/1882","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2025.4.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2026.1.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-h854-c3m3-mh5v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55208","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T21:16:56.020","lastModified":"2026-07-10T15:52:52.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 2026.1.6, an authenticated user can extract the admin password hash and other database content through time-based blind SQL injection in the DateFilter column key parameter. The POST /pimcore-studio/api/website-settings endpoint and other listing endpoints accept a columnFilters array where the key field is interpolated directly into SQL with manual backtick wrapping, allowing a backtick character to break out of quoting and append arbitrary SQL such as SLEEP() and IF() subqueries. This issue is fixed in versions 2025.4.6 and 2026.1.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":">= 2026.1.0, < 2026.1.6","status":"affected"},{"version":"< 2025.4.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:51:49.735662Z","id":"CVE-2026-55208","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-79cw-hfcc-7mw9","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/commit/f532428cfbf4f5d6e299a13cedd5c29541802552","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/pull/1883","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2025.4.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2026.1.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-79cw-hfcc-7mw9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15271","sourceIdentifier":"cna@vuldb.com","published":"2026-07-09T22:17:02.210","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"TOTOLINK","product":"A3000RU","cpes":["cpe:2.3:a:totolink:a3000ru:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"A3100R","cpes":["cpe:2.3:a:totolink:a3100r:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"A950RG","cpes":["cpe:2.3:a:totolink:a950rg:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"AC1200T10","cpes":["cpe:2.3:a:totolink:ac1200t10:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"CP450","cpes":["cpe:2.3:a:totolink:cp450:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"CS185R_T10","cpes":["cpe:2.3:a:totolink:cs185r_t10:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"EX200","cpes":["cpe:2.3:a:totolink:ex200:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:C/I:C/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:37:19.484529Z","id":"CVE-2026-15271","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-272"}]}],"references":[{"url":"https://app.notion.com/p/A3000RU-V5-9c-5185-37a1f5ba989080d38bb6ca58b2a98c64?source=copy_link","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15271","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852316","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852317","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852318","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852319","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852320","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852321","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852323","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377214","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377214/cti","source":"cna@vuldb.com"},{"url":"https://www.totolink.net/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15274","sourceIdentifier":"cna@vuldb.com","published":"2026-07-09T22:17:03.270","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pull_parser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"lo48576","product":"fbxcel","cpes":["cpe:2.3:a:lo48576:fbxcel:*:*:*:*:*:*:*:*"],"modules":["Node Header Handler"],"versions":[{"version":"0.1","status":"affected"},{"version":"0.2","status":"affected"},{"version":"0.3","status":"affected"},{"version":"0.4","status":"affected"},{"version":"0.5","status":"affected"},{"version":"0.6","status":"affected"},{"version":"0.7","status":"affected"},{"version":"0.8","status":"affected"},{"version":"0.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:38:21.175762Z","id":"CVE-2026-15274","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]}],"references":[{"url":"https://github.com/lo48576/fbxcel/","source":"cna@vuldb.com"},{"url":"https://github.com/lo48576/fbxcel/issues/14","source":"cna@vuldb.com"},{"url":"https://github.com/lo48576/fbxcel/pull/15","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15274","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852441","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377215","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377215/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-45780","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:04.770","lastModified":"2026-07-10T15:52:29.883","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/37969503f20369eb1712b7b88daedcfb4f63f5f1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/4d46638041b5f3d1e1f7f6f6f19c1df3bd65a586","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/6457ab71f36a2d1440fe96af0a2593897844b023","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/7deb4b6963442569357b41e61febe37594e5e730","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-22v7-6wgj-g9f7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45788","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:04.933","lastModified":"2026-07-10T15:53:08.640","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pull_hotlinked_images when an attacker knew the secured upload URL and the secure_uploads site setting was enabled. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:39:07.478798Z","id":"CVE-2026-45788","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/5807c426880eadf248006e851604fc9284327ce5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/8b4a959b251a856a9c911fb9f2ac34fbc31a7471","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/eff53af26367ae0dcb3a426954d233e8c7449f95","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/fa74e0dec7341a858ab83a1977fa52629bced1aa","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-3876-w96v-8v38","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46413","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.090","lastModified":"2026-07-10T15:53:08.640","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:32:30.407572Z","id":"CVE-2026-46413","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/1f1ded8dd361d81786bff17b35e1138d6ee299c0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/7ddde266617b452152c1bf5f903f6c07be38fc40","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/a53df26dcf7e50ce2b20bfd5454a0c9d44b8fc7d","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/abaa664c5df84026efb2ca264ba0f5586c3f2b01","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-3mvf-q9rg-w6m7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49256","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.260","lastModified":"2026-07-10T15:52:29.883","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowed_tags, allowed_tag_groups, or required tag groups could leak to anonymous and unauthorized users through category and group endpoints. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:39:15.102132Z","id":"CVE-2026-49256","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-mwp7-572g-6qpx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53961","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.440","lastModified":"2026-07-10T15:53:08.640","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish validly signed forged Bounce notifications that revoke a targeted user email. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:44:24.781167Z","id":"CVE-2026-53961","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/3a3d315a85ef3c6aabfc7e7bb38702059784f06b","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/61f12e13aa1b760f81d5ff60f12e3a7e77434b94","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/958f0cd831d65a49ec75f05343ca2c167679f0ea","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/aea35190791261bab258ebab05da279e78cdd0e6","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-8f9m-v436-wr3x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53963","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.763","lastModified":"2026-07-10T15:52:29.883","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that account. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/40de62cddadc65c328a1028ab999f3fa94adbfed","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/529e17d4d570a48972e7cf64720e5dd1fdf23ca8","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/d92973e51a46cf6dd20c71e6068e6769b67eea5b","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/daea5214d833eacbdd3b1a78d99eb14e9cabd915","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-wg5x-7f23-m3r5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55424","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:06.097","lastModified":"2026-07-10T16:16:33.177","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic \"featured link\" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content Security Policy protections were modified or disabled. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:39:57.512653Z","id":"CVE-2026-55424","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/1bce8881e4253d9bbab56f011a12ef899b926b59","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/6679d9a5083488bae10c2adbb345c481c583242c","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/6828aee9b15c2655d63b515ac919830bd540ff83","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/c9b9405f5bd0bf0269e505e28e3aad388d7657c5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-695w-7fv8-mxg3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59828","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:09.973","lastModified":"2026-07-10T15:52:29.883","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:17:36.503953Z","id":"CVE-2026-59828","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/1f26c1163ce87a2abbd1d01780ab1b5fb16e75f6","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/8b773332b0f937dfcd894ed56d56fc5a81578d9d","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/8d36da1b68c906592abde3f2e94d505cdf097435","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/d58988d46bb1019bfa8b8330ae81a1a134e08511","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-q456-4f8q-42vx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59832","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.627","lastModified":"2026-07-10T16:16:38.187","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticated request such as /snippets/%2e%2e/%2e%2e/conf/conf.json to read workspace secrets and the document database. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:41:47.607410Z","id":"CVE-2026-59832","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/68cc0f537dfa4502496dfa794e71835421c25c09","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-275h-v5h9-vr82","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59833","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.773","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored cross-site scripting in document export-preview and Bazaar package README render paths that can execute OS commands in the Electron desktop renderer. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:15:26.840084Z","id":"CVE-2026-59833","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/ebe252e61fb93f258d083b9da0fa403679fdf94a","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59834","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.900","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNION SELECT and return rows from hidden documents by projecting an allowed visible box and path. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:33:00.538761Z","id":"CVE-2026-59834","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/57bcad4b331836880bfe6be25d4180bdcf10db0d","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/commit/d0f0fe146fb07d594fcadc4f48d4f7c30ac01d1e","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-h89q-4j2h-7h88","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-h89q-4j2h-7h88","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59853","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:06.030","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private document paths, notebook, document, and block IDs, and search and replace keywords for unpublished documents. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:47:32.142690Z","id":"CVE-2026-59853","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/0049d0f04ffe9837760d29248b9ef31605077d36","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-px3c-cf92-9g83","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-px3c-cf92-9g83","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59855","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:06.293","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an event handler, and execute JavaScript that can run OS commands in the Electron renderer. This issue is fixed in versions 3.7.1-alpha.2 and 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/efbe3a557720034782643e55c9e0282530cb6bbb","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w3gq-5j72-36vc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-12595","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T00:16:32.120","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, which accepts the email field returned by Discord's /users/@me endpoint without ever checking that the profile's verified flag is true, then directly maps that email to a local WordPress account via get_user_by('email', $profile['email']) and issues an authenticated session cookie via wp_set_auth_cookie(). This makes it possible for unauthenticated attackers to take over any existing WordPress account — including administrator accounts — by registering a Discord account configured with an unverified email address that matches the target user's registered WordPress email and completing the standard Discord OAuth flow."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"LoginPress","product":"LoginPress Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:13:03.515325Z","id":"CVE-2026-12595","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://loginpress.pro/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5949980f-2506-49be-9105-40ec2d2a4f77?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12597","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T00:16:32.603","lastModified":"2026-07-10T16:16:25.080","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) of the array returned by GitHub's /user/emails endpoint as an account-binding identifier without verifying that the email carries a verified === true status. This makes it possible for unauthenticated attackers to log in as any existing WordPress user, including administrators, by adding an unverified email address matching a local account to their GitHub profile and triggering the OAuth callback via a crafted code parameter — causing the plugin to call get_user_by('email', ...) and establish an authenticated session for the matched account. Practical exploitation is conditional on GitHub returning the attacker-added unverified email at index 0 of the /user/emails response, as GitHub typically prioritizes the primary verified address first; nonetheless, the absence of any email verification check in the plugin constitutes a fundamental authentication bypass flaw."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"LoginPress","product":"LoginPress Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:27:36.481702Z","id":"CVE-2026-12597","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://loginpress.pro/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f3ee9f6-6465-4caf-9aef-72dd37c61a2c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15311","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T00:16:32.853","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"NousResearch","product":"hermes-agent","cpes":["cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"],"modules":["Matrix Adapter"],"versions":[{"version":"2026.5.29.0","status":"affected"},{"version":"2026.5.29.1","status":"affected"},{"version":"2026.5.29.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:12:35.059940Z","id":"CVE-2026-15311","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/NousResearch/hermes-agent/","source":"cna@vuldb.com"},{"url":"https://github.com/NousResearch/hermes-agent/issues/42667","source":"cna@vuldb.com"},{"url":"https://github.com/NousResearch/hermes-agent/pull/42759","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15311","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852843","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377247","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377247/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15317","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T00:16:33.027","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically due to inactivity."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Sipeed","product":"PicoClaw","cpes":["cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:*"],"modules":["Guarded Web Fetch Flow"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"0.2.2","status":"affected"},{"version":"0.2.3","status":"affected"},{"version":"0.2.4","status":"affected"},{"version":"0.2.5","status":"affected"},{"version":"0.2.6","status":"affected"},{"version":"0.2.7","status":"affected"},{"version":"0.2.8","status":"affected"},{"version":"0.2.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/sipeed/picoclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/issues/3078","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15317","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852877","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377257","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377257/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-50181","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.340","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the intended working-directory boundary for file operations. However, the tools only change the process working directory to `curr_dir` and then operate on the user-supplied `file_path` without resolving and enforcing that the final path remains inside `curr_dir`. As a result, a tool caller can supply path traversal sequences such as `../secret.txt` to read files outside the configured current directory, or `../written_by_tool.txt` to write files outside that directory. This can impact applications that expose Langroid file tools to an LLM agent, user-controlled tool call, or delegated coding/documentation agent while relying on `curr_dir` to restrict file access to a project/workspace directory. Version 0.64.0 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.64.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/langroid/langroid/commit/56e2756ecab70a70a7e6edbee2f2187b8484683e","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-fg23-3346-88f5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54760","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.477","lastModified":"2026-07-10T16:16:33.063","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) with a `sqlglot` SELECT-only statement allowlist. The blocklist entries that target callable functions require the function name to be immediately followed by `\\s*\\(`. PostgreSQL accepts the same call with the name separated from `(` by a quoted identifier, an inline comment, or schema qualification. These forms evade the regex, still parse as `SELECT`, and execute the same PostgreSQL function. This restores the `pg_read_file` server-side file-read primitive that the prior CVE-2026-25879 / GHSA-pmch-g965-grmr fix was meant to block: the parent advisory fixed a missing `pg_read_file` blocklist entry, while this report shows that the added regex is bypassable. Version 0.65.1 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:27:08.297594Z","id":"CVE-2026-54760","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-6xc5-4r68-67fc","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-6xc5-4r68-67fc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54769","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.603","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. When these agents evaluate LLM-generated tool messages with `full_eval=True`, they attempt to sandbox the execution by explicitly setting `locals` to an empty dictionary `{}` inside Python's `eval()` function. However, this relies on an incomplete understanding of Python's execution model. Because `__builtins__` is not explicitly scrubbed from the `globals` dictionary mapping, Python implicitly injects all built-ins during execution, granting full access to functions like `__import__('os').system()`. Since `TableChatAgent.pandas_eval()` executes external LLM outputs natively, this bypass permits any attacker providing prompt payload to achieve unauthenticated RCE on the host system. Version 0.65.2 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:12:03.554156Z","id":"CVE-2026-54769","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-q9p7-wqxg-mrhc","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-q9p7-wqxg-mrhc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54771","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.737","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`. Version 0.65.3 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:19:42.631163Z","id":"CVE-2026-54771","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-75"}]}],"references":[{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-gjgq-w2m6-wr5q","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-gjgq-w2m6-wr5q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55615","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.867","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection (direct user input or indirect content the agent reads back via RAG), so an attacker who can influence the prompt can read or destroy all graph data and, when APOC or dbms.security procedures are enabled on the server, achieve OS-command and filesystem access. This is the same defect class and threat model as the SQLChatAgent prompt-to-SQL-to-RCE issue fixed in version 0.63.0 (CVE-2026-25879); that fix did not extend to the neo4j module. Version 0.65.5 contains a fix for the neo4j module."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:42:55.346221Z","id":"CVE-2026-55615","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/langroid/langroid/commit/5a3097d9dd6378b08ced5480b0caf76cc58d00fa","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-2pq5-3q89-j7cc","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-2pq5-3q89-j7cc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15319","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T03:16:20.433","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access_control.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 3126. A patch should be applied to remediate this issue."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Sipeed","product":"PicoClaw","cpes":["cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:*"],"modules":["Launcher"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"0.2.2","status":"affected"},{"version":"0.2.3","status":"affected"},{"version":"0.2.4","status":"affected"},{"version":"0.2.5","status":"affected"},{"version":"0.2.6","status":"affected"},{"version":"0.2.7","status":"affected"},{"version":"0.2.8","status":"affected"},{"version":"0.2.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:24:08.322070Z","id":"CVE-2026-15319","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/sipeed/picoclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/issues/3069","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/pull/3126","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15319","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852884","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377259","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377259/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15320","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T03:16:20.723","lastModified":"2026-07-10T16:16:26.120","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. The reported GitHub issue was closed automatically due to inactivity."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Sipeed","product":"PicoClaw","cpes":["cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:*"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"0.2.2","status":"affected"},{"version":"0.2.3","status":"affected"},{"version":"0.2.4","status":"affected"},{"version":"0.2.5","status":"affected"},{"version":"0.2.6","status":"affected"},{"version":"0.2.7","status":"affected"},{"version":"0.2.8","status":"affected"},{"version":"0.2.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:26:21.767167Z","id":"CVE-2026-15320","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/sipeed/picoclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/issues/3071","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15320","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852942","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377260","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377260/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-11392","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:35.223","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' and 'check_out_date' parameters in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"thimpress","product":"WP Hotel Booking","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/includes/class-wphb-helpers.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/includes/elementor/widgets/archive-room/list-results-room.php#L214","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/includes/wphb-functions.php#L748","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/templates/search/loop.php#L92","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/templates/search/v2/loop-v2.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/elementor/widgets/archive-room/list-results-room.php#L215","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/templates/search/loop.php#L92","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/templates/search/v2/loop-v2.php#L39","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b56ca04-c6eb-401f-aa8a-b933c0527e51?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11818","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:47.277","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to list, create, update, delete, clone, and bulk-delete notification flow workflows that are intended to be managed only by administrators. The only protection on these endpoints is a wp_rest nonce check, which is obtainable by any logged-in user from the frontend page source."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"arraytics","product":"WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.0.14","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:24:51.466836Z","id":"CVE-2026-11818","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L110","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L121","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L74","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L82","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.15/core/email-automation/Service/email-notification.php#L119","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.15/core/email-automation/Service/email-notification.php#L78","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.15/core/email-automation/Service/email-notification.php#L88","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cf2d3bd-359c-4334-ad28-b6b9722edd1c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14894","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:47.587","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing file type validation and the absence of any capability check on the submit_form nopriv AJAX handler, whose only barrier is a session nonce freely obtainable by unauthenticated visitors via a separate nopriv endpoint. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible. The nonce requirement is trivially bypassed because the super_create_nonce nopriv AJAX action allows any unauthenticated visitor to mint a valid sf_nonce and session cookie in a single prior request, reducing exploitation to two unauthenticated HTTP requests."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"WebRehab","product":"Super Forms – Drag & Drop Form Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.3.313","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:07:33.536107Z","id":"CVE-2026-14894","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/RensTillmann/super-forms/commit/c5838f5877c72b738c54ed970935c77ae6830c3a","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c7fb16-efbb-41e9-be13-98e96c1e9100?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15070","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:47.727","lastModified":"2026-07-10T16:16:25.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into the web-accessible translate-constants.php file within the plugin directory, enabling remote code execution on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. sanitize_text_field() is applied to the POST 'value' parameter but does not neutralize the characters — single quotes, parentheses, semicolons, $, and [] — required to break out of the PHP string literal into which the value is interpolated before being written to disk via file_put_contents()."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wordpresschef","product":"Salon Booking System – Free Version","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"10.30.32","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:24:32.111847Z","id":"CVE-2026-15070","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Action/Ajax/SetCustomText.php#L17","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Action/Init.php#L628","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Plugin.php#L407","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Settings.php#L335","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3600791%40salon-booking-system&new=3600791%40salon-booking-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/301ad19a-f99c-45c8-83a7-d74e1a260556?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15326","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T04:17:48.090","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project closed the issue as \"duplicate\" but did not reference any other issue, report, or CVE."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"halo-dev","product":"halo","cpes":["cpe:2.3:a:halo:halo:*:*:*:*:*:*:*:*"],"modules":["Theme Installation"],"versions":[{"version":"2.24.0","status":"affected"},{"version":"2.24.1","status":"affected"},{"version":"2.24.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":2.5}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:P","baseScore":4.7,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:21.876523Z","id":"CVE-2026-15326","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/halo-dev/halo/","source":"cna@vuldb.com"},{"url":"https://github.com/halo-dev/halo/issues/10062","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15326","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853064","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377265","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377265/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15329","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T04:17:50.590","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool._do_navigate of the file agent/tools/browser/browser_tool.py of the component Browser Tool. Performing a manipulation results in information disclosure. The attack can be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhayujie","product":"CowAgent","cpes":["cpe:2.3:a:zhayujie:cowagent:*:*:*:*:*:*:*:*"],"modules":["Browser Tool"],"versions":[{"version":"2.0","status":"affected"},{"version":"2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/zhayujie/CowAgent/","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2871","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2871#issuecomment-4922534422","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15329","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853098","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377272","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377272/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15282","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:30.820","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insapp_upload_image_as_attachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tenteeglobal","product":"Instant Appointment","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/instant-appointment/trunk/includes/ajax/ajax_services.php#L3","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/instant-appointment/trunk/includes/front-end/ajax/login_ajax.php#L584","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/instant-appointment/trunk/includes/front-end/ajax/login_ajax.php#L598","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/097b1530-64fa-45b2-85f3-c6a2311405b5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15283","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:30.943","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpvividplugins","product":"WPvivid Backup for MainWP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"0.9.33","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:17:25.793505Z","id":"CVE-2026-15283","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047890%40wpvivid-backup-mainwp&new=3047890%40wpvivid-backup-mainwp&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2083fdf7-e251-4162-b38f-8dab4395a8a7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15285","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:31.210","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+) Stored Cross-Site Scripting via the Button widget's `custom_attributes` setting in versions up to and including 6.4.11. The `render` function in `modules/widgets/tp_button.php` passed the raw `custom_attributes` string through `tp_senitize_js_input()`. This filter is bypassable. The issue is patched in version 6.4.12."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"posimyththemes","product":"The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.4.11","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:02:26.830122Z","id":"CVE-2026-15285","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.10/modules/helper-function.php#L65","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.10/modules/widgets/tp_button.php#L1549","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.11/modules/widgets/tp_button.php#L1881","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.12/modules/widgets/tp_button.php#L1680","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3c3217f9-67e5-488d-b80a-49a61678fb98?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15286","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:31.343","lastModified":"2026-07-10T16:16:25.810","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'get_items_permission_check' function permission callback of the 'process_pattern' REST API endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to create and immediately publish posts of any type (including pages), bypassing the standard WordPress review workflow where contributors must submit posts for administrator approval."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"stellarwp","product":"Kadence Blocks — Page Builder Toolkit for Gutenberg Editor","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.5.32","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:24:02.535489Z","id":"CVE-2026-15286","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kadence-blocks/trunk/includes/class-kadence-blocks-prebuilt-library-rest-api.php#L590","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kadence-blocks/trunk/includes/class-kadence-blocks-prebuilt-library-rest-api.php#L925","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3445125/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6e739eb4-6b8b-4bc7-a1e6-790180668c93?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15288","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:31.923","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'create_payment_intent' and 'create_subscription_intent' functions without validating it against the form's configured price. This makes it possible for unauthenticated attackers to modify the payment amount to any arbitrary value when submitting a Stripe payment form, potentially purchasing products or services at significantly reduced prices."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"brainstormforce","product":"SureForms – Drag & Drop Contact Form & Form Builder, Payment Form, Survey, Quiz & Calculator","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3427656/sureforms/tags/2.2.2/inc/payments/front-end.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3427656/sureforms/tags/2.2.2/inc/payments/payment-helper.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0e0f22-de42-4da9-a0c1-ae41ba57be03?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15289","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.133","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevart_id’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. In order to exploit the vulnerability, the Pro version of the plugin must be installed and activated, with the 'Delete previous dates' option checked."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdevart","product":"Booking calendar, Appointment Booking System","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.17","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:27:42.536496Z","id":"CVE-2026-15289","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/booking-calendar/trunk/includes/main_class.php#L64","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-calendar/trunk/includes/main_class.php#L90","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-calendar/trunk/includes/main_class.php#L91","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c052622-ac99-4069-b7df-41aea303ed9d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15290","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.287","lastModified":"2026-07-10T17:16:53.920","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This vulnerability was partially patched in version 2.9.2 when initially addressing CVE-2025-0308."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ultimatemember","product":"Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.10.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:53:43.001848Z","id":"CVE-2026-15290","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.1/includes/core/class-member-directory.php#L1710","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.1/includes/core/class-member-directory.php#L1866","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3222364/ultimate-member/trunk/includes/core/class-member-directory.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3265901/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8f539e25-5483-417d-a3c5-e7034c03c673?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15291","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.430","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/{id}. This is due to the plugin not performing any authentication and authorization checks. This makes it possible for unauthenticated attackers to extract sensitive data including customer names, email addresses, phone numbers, WhatsApp messages, complete geolocation data (IP addresses, city, country, ISP, coordinates), device fingerprinting information (browser, OS, screen resolution), and WordPress account credentials (user IDs, usernames, emails, names) for logged-in users who submit forms."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themeatelier","product":"ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:16:31.518029Z","id":"CVE-2026-15291","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L149","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L157","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L207","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L234","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394141%40chat-help%2Ftrunk&old=3390862%40chat-help%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/91654765-6631-4eb4-9971-32b7db7933e1?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15292","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.563","lastModified":"2026-07-10T16:16:25.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tibouille","product":"Sudoku Shortcode","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:20:34.566902Z","id":"CVE-2026-15292","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/tags/1.0.0/sudoku-shortcode.php#L63","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/tags/1.0.0/sudoku-shortcode.php#L73","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/trunk/sudoku-shortcode.php#L63","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/trunk/sudoku-shortcode.php#L73","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/99e4b38c-f81d-4578-a623-ea62495e934d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15296","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.837","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkp_product' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is a bypass to CVE-2024-10227."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"cservit","product":"affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.7.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/affiliate-toolkit-starter/trunk/includes/atkp_output.php#L299","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3227483/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b5e64a33-6165-4257-b324-0bbab4129e54?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15297","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.977","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"neeraj_slit","product":"Brevo – Email, SMS, Web Push, Chat, and more.","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.77","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:28:38.782012Z","id":"CVE-2026-15297","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/mailin/trunk/inc/table-forms.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3055756%40mailin%2Ftrunk&old=3032712%40mailin%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf4cb79e-e62b-4991-8ee5-493dafe38b80?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15298","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.117","lastModified":"2026-07-10T17:16:54.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for unauthenticated attackers to inject malicious scripts via Telegram chat titles that execute when an administrator opens the TelSender settings page and clicks the \"Tested\" button."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"pechenki","product":"TelSender – Сontact form 7, Events, Wpforms, ninja forms  and woocommerce to telegram bot","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.14.14","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:51:53.582933Z","id":"CVE-2026-15298","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/telsender/tags/1.14.14/js/ajax.js#L119","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/tags/1.14.14/js/ajax.js#L139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/tags/1.14.14/template/view.php#L111","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/trunk/js/ajax.js#L119","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/trunk/js/ajax.js#L139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/trunk/template/view.php#L111","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3449367%40telsender&new=3449367%40telsender&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cb02878a-2c85-4dcb-bdc0-e65addf9fb9c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15299","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.257","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weather_style' and 'move_direction' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render() function at widgets/weather.php:1246, where both settings values are placed into an HTML class attribute without esc_attr(). Elementor does not server-side validate widget SELECT control values against allowed options on save, so an authenticated attacker with Contributor-level access or above can submit a crafted save_builder AJAX request storing arbitrary values in the _elementor_data post meta. The stored payload renders unescaped on every frontend visit to the affected page (the Weather widget requires an OpenWeatherMap API key to reach the vulnerable output, which is the normal operational state for sites using this widget)."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wealcoder","product":"Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.6.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:16:06.336538Z","id":"CVE-2026-15299","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/animation-addons-for-elementor/tags/2.6.3/widgets/weather.php#L1246","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/animation-addons-for-elementor/tags/2.6.4/widgets/weather.php#L1246","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/animation-addons-for-elementor/tags/2.6.3&new_path=/animation-addons-for-elementor/tags/2.6.4","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e755c7-7d1e-45f7-9d0b-2df1ef0bdd02?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15300","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.393","lastModified":"2026-07-10T16:16:26.013","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing wp_magic_quotes, which does not cover $_SERVER), then passed through bare esc_sql() before being interpolated into unquoted numeric positions in the proximity-search query (HAVING/SELECT clause distance math, BETWEEN bounding-box pre-filter) built by gmw_locations_query() in plugins/posts-locator/includes/class-gmw-wp-query.php. Because esc_sql() only escapes string delimiters and these positions are numeric, payloads such as `1 OR SLEEP(3)` survived sanitization. Fixed in 4.5.5 by adding an upstream is_numeric() guard that short-circuits the WHERE clause to `AND 1 = 0` when either coordinate is non-numeric, and by replacing the three esc_sql() calls with (float) casts."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ninjew","product":"GEO my WP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:19:40.048972Z","id":"CVE-2026-15300","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L299","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L300","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L301","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.5/plugins/posts-locator/includes/class-gmw-wp-query.php#L286","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.5/plugins/posts-locator/includes/class-gmw-wp-query.php#L305","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecbc7f05-fc4f-4276-968e-04222a64e55a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15302","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.677","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files (e.g., CSS) to directories outside the 'wp-content/uploads/armember' directory."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"reputeinfosystems","product":"ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.0.27","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-36"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3062692/armember-membership/trunk/core/classes/class.arm_members_activity.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c8734f5-4d23-454d-bf00-6e9d36982098?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15331","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T05:16:34.010","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function _add_url/_add_package of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely. Upgrading to version 2.1.2 is sufficient to fix this issue. The identifier of the patch is e85290cddcbb5ffc9c235927f4c92e5b4c3ec264. It is advisable to upgrade the affected component."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhayujie","product":"CowAgent","cpes":["cpe:2.3:a:zhayujie:cowagent:*:*:*:*:*:*:*:*"],"modules":["Skill Installation Handler"],"versions":[{"version":"2.0","status":"affected"},{"version":"2.1.0","status":"affected"},{"version":"2.1.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:26:26.657365Z","id":"CVE-2026-15331","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/zhayujie/CowAgent/","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/commit/e85290cddcbb5ffc9c235927f4c92e5b4c3ec264","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2873","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/pull/2886","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/releases/tag/2.1.2","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15331","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853104","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377274","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377274/cti","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2873","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15332","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T05:16:34.200","lastModified":"2026-07-10T16:16:26.237","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhayujie","product":"CowAgent","cpes":["cpe:2.3:a:zhayujie:cowagent:*:*:*:*:*:*:*:*"],"modules":["Message Endpoint"],"versions":[{"version":"2.0","status":"affected"},{"version":"2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:17:49.153601Z","id":"CVE-2026-15332","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/zhayujie/CowAgent/","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2874","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15332","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853105","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377275","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377275/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12123","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T07:16:27.430","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. A Subscriber-level attacker can plant an internal or loopback URL in the `mp4` post meta of a newly created `aiovg_videos` post via XML-RPC `wp.newPost`, then trigger the unauthenticated `?vdl=<post_id>` endpoint to force the server to fetch that URL and stream the full response body back to the requester."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"plugins360","product":"All-in-One Video Gallery","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.8.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:35:19.444626Z","id":"CVE-2026-12123","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/includes/roles.php#L70","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L681","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L724","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L758","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L904","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/includes/roles.php#L70","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L681","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L724","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L758","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L904","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3582575","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a3bb454c-ac0e-4915-8c6e-070596f7595a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13347","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T08:16:20.857","lastModified":"2026-07-10T17:16:53.720","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the he_wrapper_js and he_wrapper_css query parameters processed by the elementor_assets_filter() function. This is due to the function concatenating user-supplied input directly onto ABSPATH and passing the result to file_get_contents() without any path traversal validation, allow-list, realpath containment, or extension check; the result is then echoed in the HTTP response. Although the output is passed through wp_kses_post(), that function only filters HTML tags and does not prevent disclosure of arbitrary file contents. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the affected site's server (such as wp-config). Note: The exploit requires the Elementor plugin and the 'Hide Elementor' feature to be enabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"templatic1","product":"Hide My WP Lite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:51:40.903413Z","id":"CVE-2026-13347","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/hide-wp-login/tags/1.3/includes/functions.php#L117","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hide-wp-login/tags/1.3/includes/functions.php#L139","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e044c51c-40e0-4d33-8921-616d59e0e0d8?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-28564","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:21.897","lastModified":"2026-07-10T16:16:28.493","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB.\nREST Basic Authentication Accepts Stale Cached Credentials\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:02:34.412449Z","id":"CVE-2026-28564","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-294"},{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://lists.apache.org/thread/l38wpy7flvvfwv4rkps87l5z8gprnfy0","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40005","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.043","lastModified":"2026-07-10T16:16:29.703","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.\nAn attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:01:48.242010Z","id":"CVE-2026-40005","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://lists.apache.org/thread/zw2vkbmy5xkf5y8g237v81hrs4c6b5lq","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40006","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.163","lastModified":"2026-07-10T16:16:29.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB.\nWhen pipe_air_gap_receiver_enabled=true, the IoTDB AirGap pipe receiver\naccepts raw TCP connections on port 9780 with no authentication. The\nreadLength method reads an attacker-controlled 32-bit integer from the\nsocket and readData passes it directly to new byte[length] with no\nupper-bound check. An unauthenticated attacker can cause the JVM to attempt\nan allocation of up to 2,147,483,647 bytes per connection, exhausting heap\nmemory and crashing or severely degrading the DataNode process.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:59:12.142625Z","id":"CVE-2026-40006","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-770"},{"lang":"en","value":"CWE-789"}]}],"references":[{"url":"https://lists.apache.org/thread/rfpt7m9fvdrw37r3ow5omp2n914z6zqk","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/3","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40007","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.280","lastModified":"2026-07-10T16:16:30.140","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB.\nWhen pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's\nreadLength method calls itself recursively each time it recognises the\nE-language prefix in socket data, with no depth limit. An unauthenticated\nattacker can send a stream of repeated E-language prefixes that drives the\nrecursion arbitrarily deep, exhausting the receiver thread's JVM stack and\nraising StackOverflowError.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:07:37.243571Z","id":"CVE-2026-40007","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-674"}]}],"references":[{"url":"https://lists.apache.org/thread/tr23kh6kp8drrsv8ypv1mqm4v5kyy23m","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40008","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.397","lastModified":"2026-07-10T16:16:30.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB.\nThe pipe processor reads a fully\nqualified Java class name and\ninstantiates it using Class.forName().newInstance() without any\nvalidation or allowlisting.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:06:47.206817Z","id":"CVE-2026-40008","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-470"}]}],"references":[{"url":"https://lists.apache.org/thread/fm8cpvzbox2qqy99ztglm8wkk1nrg9ng","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40454","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.750","lastModified":"2026-07-10T16:16:30.770","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client.\nOut-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client\nprocess on malformed server data.\n\n\nThis issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB C++ client","defaultStatus":"unaffected","packageName":"client-cpp","versions":[{"version":"1.3.5","lessThan":"1.3.8","versionType":"semver","status":"affected"},{"version":"2.0.5","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:27:23.764896Z","id":"CVE-2026-40454","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://lists.apache.org/thread/9wml325g6bpovw0jf5ymtc3xl7fwlkrn","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/8","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2025-11977","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:51.153","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyforms_get_form_partial() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"happyforms","product":"Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.26.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:04:08.892744Z","id":"CVE-2025-11977","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://plugins.svn.wordpress.org/happyforms/trunk/core/classes/class-wp-customize-form-manager.php","source":"security@wordfence.com"},{"url":"https://plugins.svn.wordpress.org/happyforms/trunk/core/helpers/helper-form-templates.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3494912%40happyforms&new=3494912%40happyforms","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e31119ab-963d-48a4-9948-0a0dce761918?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11992","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.280","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level access and above, to cancel all upcoming appointments site-wide by marking every future appointment stored by the plugin as abandoned. The nonce required to authenticate the cancellation request is printed on the Appointments admin page, which is itself gated only by the edit_posts capability that Authors possess, making the nonce readily accessible to low-privileged users."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"easyappointments","product":"Easy Appointments","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.12.27","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:05:16.087727Z","id":"CVE-2026-11992","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/ajax.php#L180","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/ajax.php#L563","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/ajax.php#L619","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/templates/appointments.tpl.php#L302","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/ajax.php#L180","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/ajax.php#L563","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/ajax.php#L619","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/templates/appointments.tpl.php#L302","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eea33d0b-2547-4c51-8c4c-d178d6c8502d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12400","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.553","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via the update_form due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to modify the content, design, and settings of, as well as publish or revert, any form on the site — including forms owned by administrators — by supplying an arbitrary form ID in the REST URL."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"priyanshuchaudhary","product":"FlowForms – Conversational Form Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L48","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L493","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L562","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L603","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L654","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L694","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3577870%40flowforms&new=3577870%40flowforms","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4e6133-f833-4da2-af4a-e7e7fcedfe3c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12924","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.820","lastModified":"2026-07-10T16:16:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etn_faq_content' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"arraytics","product":"Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.1.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:40:46.922796Z","id":"CVE-2026-12924","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/core/event/Api/EventController.php#L2027","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/core/event/Api/EventController.php#L801","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/templates/event/parts/event-details-parts.php#L359","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/templates/event/parts/styles/event-faq/style-1.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/templates/event/parts/styles/event-faq/style-2.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/utils/functions.php#L44","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3600977%40wp-event-solution&new=3600977%40wp-event-solution","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/343ed594-482a-4a27-9682-92bb643ee82a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12955","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.987","lastModified":"2026-07-10T17:16:53.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdpr_cookie_consent_ajax_save_schedule_scan() function (the wp_ajax_gcc_save_schedule_scan AJAX action) in versions up to, and including, 4.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's cookie scan schedule configuration stored in the gdpr_scan_schedule_data option, which is an administrative function intended to be limited to users with the manage_options capability."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wplegalpages","product":"Cookie Banner for GDPR / CCPA – WPLP Cookie Consent","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:50:19.589040Z","id":"CVE-2026-12955","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.5/admin/class-gdpr-cookie-consent-admin.php#L8132","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.5/admin/class-gdpr-cookie-consent-admin.php#L8139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.5/includes/class-gdpr-cookie-consent.php#L251","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3601475/gdpr-cookie-consent/tags/4.3.7/admin/class-gdpr-cookie-consent-admin.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddee10e0-093c-47a3-8aa9-946d6d21e1b2?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14475","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.127","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wplegalpages","product":"Cookie Banner for GDPR / CCPA – WPLP Cookie Consent","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:11:39.023792Z","id":"CVE-2026-14475","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/class-wpl-cookie-consent-cookie-scanner.php#L1036","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/class-wpl-cookie-consent-cookie-scanner.php#L994","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/classes/class-wpl-cookie-consent-cookie-scanner-ajax.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/classes/class-wpl-cookie-consent-cookie-scanner-ajax.php#L823","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/classes/class-wpl-cookie-consent-cookie-scanner-ajax.php#L847","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601475%40gdpr-cookie-consent&new=3601475%40gdpr-cookie-consent","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/376741ee-9b6b-4822-8bad-548e212cd563?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15026","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.277","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the email_template_selected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the post_title and raw post_content of arbitrary posts regardless of status (draft, private, future, trash, password-protected) or post type (including non-public CPTs such as WooCommerce orders and internal CRM records) by enumerating post IDs. The required codection-security nonce is exposed as inline JavaScript on any wp-admin page when ?post_type=acui_email_template is appended to the URL, which is reachable by any authenticated user including Subscribers."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"carazo","product":"Import and export users and customers","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:48.392392Z","id":"CVE-2026-15026","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.10/classes/email-options.php#L357","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.10/classes/email-templates.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.10/classes/email-templates.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.3.9/classes/email-options.php#L357","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.3.9/classes/email-templates.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.3.9/classes/email-templates.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601455%40import-users-from-csv-with-meta&new=3601455%40import-users-from-csv-with-meta","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/85b61e0f-3bb2-4688-b513-14f4d2da6c30?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-1946","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.540","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebu_gravitywrite_disconnect_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the plugin from GravityWrite via the 'gwaiwebu_gravitywrite_disconnect' AJAX action."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"nandhiniwp","product":"GW AI Website Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/tags/1.0.1/API/api-functions.php#L4069","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/tags/1.0.1/API/api-functions.php#L4253","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/trunk/API/api-functions.php#L4069","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/trunk/API/api-functions.php#L4253","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3481065%40gw-ai-website-builder&new=3481065%40gw-ai-website-builder","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49405ba1-b0fd-429b-a30a-95c8d3f26545?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3907","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.677","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode attribute (used as button text) is passed to the `$text` variable without sanitization at line 79 and then output directly into an HTML `value` attribute at line 91 without `esc_attr()` or any other escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"prasunsen","product":"Hostel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:38:57.759016Z","id":"CVE-2026-3907","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/shortcodes.php#L79","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/shortcodes.php#L91","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/models/hostel.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/shortcodes.php#L79","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/shortcodes.php#L91","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/models/hostel.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3480942%40hostel&new=3480942%40hostel","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/30339c0d-6632-4073-b4d5-3bb4a5b8a58d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6440","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.820","lastModified":"2026-07-10T17:17:03.997","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the reset_credential() function, which handles the wp_ajax_goodmeet_reset_google_meet_credential AJAX action. While the function does verify the user's capability (manage_options), it does not validate a nonce, making it susceptible to CSRF attacks. This makes it possible for unauthenticated attackers to trick a site administrator into clicking a malicious link that will reset (delete) the plugin's stored Google Meet API credentials (goodmeet_google_credentials) and OAuth tokens (goodmeet_google_token), effectively disabling the Google Meet integration on the site."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"sovlix","product":"GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:50:29.603286Z","id":"CVE-2026-6440","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/tags/1.1.6/includes/Goodmeet_Ajax.php#L140","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/tags/1.1.6/includes/Goodmeet_Ajax.php#L38","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/tags/1.1.6/includes/Googlemeet/Goodmeet_Meet.php#L544","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/trunk/includes/Goodmeet_Ajax.php#L140","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/trunk/includes/Goodmeet_Ajax.php#L38","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/trunk/includes/Googlemeet/Goodmeet_Meet.php#L544","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3525854%40goodmeet&new=3525854%40goodmeet","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dc9e818d-811e-4732-9c74-8eb6753a1706?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6802","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.973","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdc_custom_init() function, which processes the 'eufdc-delete' parameter without any nonce verification, capability check, or attachment ownership validation. This makes it possible for unauthenticated attackers to permanently delete arbitrary media library attachments from the WordPress site."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"fahadmahmood","product":"Easy Upload Files During Checkout","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:04:21.751000Z","id":"CVE-2026-6802","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/tags/3.0.1/inc/functions.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/tags/3.0.1/inc/functions.php#L561","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/tags/3.0.1/inc/functions.php#L587","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/trunk/inc/functions.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/trunk/inc/functions.php#L561","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/trunk/inc/functions.php#L587","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3522887%40easy-upload-files-during-checkout&new=3522887%40easy-upload-files-during-checkout","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5727bc4e-ee92-4913-bc8f-3d002488b383?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9838","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:54.110","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The vulnerability is reachable via the unauthenticated wp_ajax_nopriv_r34ics_ajax AJAX action, which accepts attacker-controlled js_args values merged over stored shortcode configuration without nonce verification, allowing the htmltagtitle key to bypass the normal shortcode allowlist check."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"room34","product":"ICS Calendar","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"12.0.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:26.409711Z","id":"CVE-2026-9838","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/r34ics-ajax.php#L33","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/r34ics-ajax.php#L53","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/r34ics-ajax.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/templates/calendar-month.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/r34ics-ajax.php#L33","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/r34ics-ajax.php#L53","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/r34ics-ajax.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/templates/calendar-month.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3563728%40ics-calendar&new=3563728%40ics-calendar","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4d91b01-5034-42b5-857f-c66c875dd562?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12918","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:22.893","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is a second-order SQL injection: the malicious payload is first stored unsanitized via a POST request to /mrm/v1/campaigns/ (bypassing filter_recipients() validation because an int-cast of a string like '1) OR ...' evaluates to a real numeric ID), and is then triggered by a subsequent GET request to /mrm/v1/campaigns/{id} that deserializes the recipients and passes the raw id string through array_column() into the vulnerable query."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"getwpfunnels","product":"Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.24.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/API/Controllers/Admin/CampaignController.php#L1088","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/API/Controllers/Admin/CampaignController.php#L304","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/Database/models/ContactGroupPivotModel.php#L130","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/MrmCommon.php#L1197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3592458%40mail-mint&new=3592458%40mail-mint","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf7c500e-311f-4db5-8a54-de7b02fb11dd?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13010","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:23.020","lastModified":"2026-07-10T16:16:25.467","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The shortcode can be embedded in posts or pages by Contributor-level users, making this exploitable by any authenticated user with at least that role."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"beardev","product":"JoomSport – for Sports: Team & League, Football, Hockey & more","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.7.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:42:30.613546Z","id":"CVE-2026-13010","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/tags/5.7.9/includes/joomsport-shortcodes.php#L299","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/tags/5.7.9/sportleague/base/wordpress/classes/class-jsport-getplayers.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3594276%40joomsport-sports-league-results-management&new=3594276%40joomsport-sports-league-results-management","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a3aa680f-4ce2-43b2-81fb-c664e398c868?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13247","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:23.137","lastModified":"2026-07-10T17:16:53.610","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgx_tooltip_position' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"logichunt","product":"Logo Slider WP – Responsive Logo Carousel, Logo Gallery & Logo Showcase","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:50:09.261103Z","id":"CVE-2026-13247","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/logo-slider-wp/trunk/admin/class-logo-slider-wp-admin.php#L996","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/logo-slider-wp/trunk/public/partials/template/view-default.php#L43","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/logo-slider-wp/trunk/public/partials/view-controller.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601263%40logo-slider-wp&new=3601263%40logo-slider-wp","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dd321fd7-1f3a-4d1c-b832-69423a35fad5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13710","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:23.270","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sg_body_description' parameter in versions up to, and including, 3.2.6. This is due to insufficient input sanitization and output escaping on the description attribute in the render_body() method of the Image_Box_View class — every other attribute used by the method is wrapped in esc_attr(), but the description value is concatenated directly into HTML body context. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"jegtheme","product":"Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:14:14.401741Z","id":"CVE-2026-13710","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.1.1/class/elements/views/class-image-box-view.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.1.1/class/elements/views/class-image-box-view.php#L58","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.1.1/class/elements/views/class-image-box-view.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.2.6/class/elements/views/class-image-box-view.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.2.6/class/elements/views/class-image-box-view.php#L58","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.2.6/class/elements/views/class-image-box-view.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3596439%40jeg-elementor-kit&new=3596439%40jeg-elementor-kit","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/be78b7d5-3f99-46de-b2b8-14254ee1ab71?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-41876","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:23.687","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user.\n\nThis issue was fixed in version v3.19-2752 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2752","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:57:08.498105Z","id":"CVE-2026-41876","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41877","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:23.847","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users.\n\nThis issue was fixed in version v3.19-2832 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2832","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:56:33.511506Z","id":"CVE-2026-41877","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41878","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:23.957","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file.\n\nThis issue was fixed in version v3.19-2862 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2862","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:22:59.247904Z","id":"CVE-2026-41878","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41879","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:24.077","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file.\n\nThis issue was fixed in version v3.17-2000."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.17-2000","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:19:06.995124Z","id":"CVE-2026-41879","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-328"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41880","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:24.193","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding neutralizes the injection during the standard web upload flow. An authenticated attacker who is able to trigger the OCR functionality for the uploaded file can execute OS commands within the context of a root user.\n\nThis issue was fixed in version v3.19-2862 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2862","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:27:49.734940Z","id":"CVE-2026-41880","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-9857","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:24.310","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the plugin's API key stored in wp_options, modify invoice plugin settings, and alter WooCommerce tax rate data in the wp_woocommerce_tax_rates table."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"saskaita123","product":"Invoice123","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.7.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:03:44.668414Z","id":"CVE-2026-9857","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_ApiKey.php#L21","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_ApiKey.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_InvoiceSettings.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_InvoiceSettings.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_InvoiceSettings.php#L65","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_ApiKey.php#L21","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_ApiKey.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_InvoiceSettings.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_InvoiceSettings.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_InvoiceSettings.php#L65","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3594935%40saskaita123-lt&new=3594935%40saskaita123-lt","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d4e685a-0462-447f-a639-4f95d5aa27ab?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-56688","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T12:17:23.453","lastModified":"2026-07-10T17:17:01.213","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and lateral movement into managed infrastructure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:49:45.463721Z","id":"CVE-2026-56688","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56689","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T12:17:23.577","lastModified":"2026-07-10T15:45:33.663","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T12:59:59.557962Z","id":"CVE-2026-56689","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56690","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T12:17:23.700","lastModified":"2026-07-10T15:45:33.663","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:14:21.210025Z","id":"CVE-2026-56690","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-54469","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T13:16:20.427","lastModified":"2026-07-10T15:45:33.663","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Unisphere for PowerMax","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"10.3.0.7 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"10.3.1.1 Patch 11360 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000483543/dsa-2026-272-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtualappliance-dell-unisphere-360-dell-solutionsenabler-and-dell-solutionsenabler-virtualappliance-security-update-for-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-54470","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T13:16:20.550","lastModified":"2026-07-10T16:16:32.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Unisphere for PowerMax","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"10.3.0.7 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"10.3.1.1 Patch 11360 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:42:54.892451Z","id":"CVE-2026-54470","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000483543/dsa-2026-272-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtualappliance-dell-unisphere-360-dell-solutionsenabler-and-dell-solutionsenabler-virtualappliance-security-update-for-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-38057","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-10T15:16:39.397","lastModified":"2026-07-10T17:16:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an authenticated administrator, automatically submits a cross-site POST request causing an immediate device reboot and satellite link loss. Repeated attacks can sustain a denial-of-service condition."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"ST Engineering iDirect","product":"Evolution iQ‑Series terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"3315-Series","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"9-Series Terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:22:04.408644Z","id":"CVE-2026-38057","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://support.idirect.net/s/login","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-38059","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-10T15:16:39.563","lastModified":"2026-07-10T17:16:57.000","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"ST Engineering iDirect","product":"Evolution iQ‑Series terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"3315-Series","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"9-Series Terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:18:45.509494Z","id":"CVE-2026-38059","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://support.idirect.net/s/login","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-56254","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:41.810","lastModified":"2026-07-10T16:16:33.713","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo server can create a validly signed update bundle and cause devices to install an update not produced by the original app maker."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"capacitor-updater","product":"capacitor-updater","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo/capacitor-updater","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:17:07.705805Z","id":"CVE-2026-56254","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-320"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-j2f4-4pfc-p8rx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capacitor-updater-end-to-end-encryption-bypass-via-private-key-distribution","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56279","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.157","lastModified":"2026-07-10T16:16:33.963","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles, management emails, and billing metadata."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:44:27.423019Z","id":"CVE-2026-56279","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-fch8-pp28-mw2x","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-information-disclosure-via-get-orgs-v7-rpc-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-fch8-pp28-mw2x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56305","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.300","lastModified":"2026-07-10T15:44:09.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access can exploit this flaw to permanently lock out legitimate users and achieve full account takeover."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-620"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-rjr5-qxqj-cx8g","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-authentication-bypass-in-password-change-via-missing-current-password-validation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56309","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.440","lastModified":"2026-07-10T16:16:34.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bundle metadata, and survive app deletion, enabling storage and bandwidth abuse."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:12:45.415501Z","id":"CVE-2026-56309","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q52j-ggvx-cr4v","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-plan-bypass-via-unrestricted-attachment-upload-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q52j-ggvx-cr4v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56312","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.587","lastModified":"2026-07-10T17:17:00.533","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn invite links."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:49:33.747729Z","id":"CVE-2026-56312","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-whc5-fvr7-g5v3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-account-creation-before-captcha-validation-in-accept-invitation-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56329","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.727","lastModified":"2026-07-10T17:17:00.643","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview misrouting and denial of preview access for victim applications."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:45:10.865078Z","id":"CVE-2026-56329","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-436"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-76qq-gg2p-pwwj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-cross-tenant-preview-namespace-collision-via-non-bijective-underscore-decoding","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-76qq-gg2p-pwwj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56335","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.880","lastModified":"2026-07-10T16:16:34.187","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive channel attributes such as public, allow_emulator, and security-related flags outside intended application routes."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:56:47.365326Z","id":"CVE-2026-56335","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-ph9c-vwjq-pqhj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-channel-configuration-mutation-via-write-scoped-api-keys","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-ph9c-vwjq-pqhj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55500","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:33.357","lastModified":"2026-07-10T17:25:46.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the ALWAYS_PROTECTED middleware check, which only validates JWT or CLI token. This issue is fixed in version 0.4.80."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.4.80","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:39:22.455445Z","id":"CVE-2026-55500","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/0c7c9de00ae3ab81d6580e3cc368483c4c03f6fd","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.4.80","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55501","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:33.493","lastModified":"2026-07-10T17:25:46.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail. A remote attacker can rotate the X-Forwarded-For value on each login attempt to receive a fresh rate-limit bucket, bypass the 5-attempt threshold and progressive lockout durations, and perform unlimited brute-force attempts against the dashboard password. This issue is fixed in version 0.4.80."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.4.80","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:44:55.006800Z","id":"CVE-2026-55501","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/7648c3412b403a29f04967c4b4e9725e228791d4","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.4.80","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56676","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:34.923","lastModified":"2026-07-10T17:25:46.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy can use a vision-capable model and an attacker-controlled DNS name that first resolves to a public IP and then rebinds to an internal address, allowing server-side requests to internal-only HTTP services. This issue is fixed in version 0.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":3.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-367"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/c7d07448c58bec1200741de0b73305b860416b82","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-cmhj-wh2f-9cgx","source":"security-advisories@github.com"}]}}]}