{"resultsPerPage":370,"startIndex":0,"totalResults":370,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-12T00:11:05.638","vulnerabilities":[{"cve":{"id":"CVE-2005-1436","sourceIdentifier":"cve@mitre.org","published":"2005-05-03T04:00:00.000","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.2.7:*:*:*:*:*:*:*","matchCriteriaId":"BDF3C31C-6C9B-4557-972E-2AD115144539"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"FD3D8CEA-2CA0-4E7E-9FE0-F82CF0412041"}]}]}],"references":[{"url":"http://secunia.com/advisories/15216","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.gulftech.org/?node=research&article_id=00071-05022005","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.osvdb.org/16270","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/16271","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/16272","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/16273","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/16274","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/15216","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.gulftech.org/?node=research&article_id=00071-05022005","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.osvdb.org/16270","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/16271","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/16272","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/16273","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/16274","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2005-1439","sourceIdentifier":"cve@mitre.org","published":"2005-05-03T04:00:00.000","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","matchCriteriaId":"69CEF9C4-AD16-4310-84F3-22F6BDA47515"}]}]}],"references":[{"url":"http://secunia.com/advisories/15216","source":"cve@mitre.org"},{"url":"http://www.gulftech.org/?node=research&article_id=00071-05022005","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/16279","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/15216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.gulftech.org/?node=research&article_id=00071-05022005","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/16279","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2006-5407","sourceIdentifier":"cve@mitre.org","published":"2006-10-19T01:07:00.000","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter."},{"lang":"es","value":"Vulnerabilidad de inclusión remota del archivo en PHP open_form.php en osTicket permite a los atacantes remotos la ejecución de código PHP de su elección mediante una URL en el parámetro include_dir."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","matchCriteriaId":"69CEF9C4-AD16-4310-84F3-22F6BDA47515"}]}]}],"references":[{"url":"http://securityreason.com/securityalert/1745","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/448687/100/0/threaded","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/29577","source":"cve@mitre.org"},{"url":"http://securityreason.com/securityalert/1745","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/448687/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/29577","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2009-2361","sourceIdentifier":"cve@mitre.org","published":"2009-07-08T15:30:01.217","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en include/class.staff.php en osTicket before v1.6 RC5 permite a atacantes remotos ejecutar comandos SQL a su elección a través del parámetro staff username."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:rc4:*:*:*:*:*:*","versionEndIncluding":"1.6","matchCriteriaId":"277B3646-8A46-4134-8BD2-6F4B2BC367FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc1:*:*:*:*:*:*","matchCriteriaId":"3675BB37-2B02-400E-875C-5D3D83408ADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc2:*:*:*:*:*:*","matchCriteriaId":"10673CCF-5C3E-4371-B670-DEF7212DDCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc3:*:*:*:*:*:*","matchCriteriaId":"C5B3DF5B-1CAA-4F76-AD2A-F3A4988D47DF"}]}]}],"references":[{"url":"http://osticket.com/forums/project.php?issueid=118","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/35629","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.exploit-db.com/exploits/9032","source":"cve@mitre.org"},{"url":"http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.osvdb.org/55472","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/504615/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/35516","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id?1022480","source":"cve@mitre.org"},{"url":"http://www.vupen.com/english/advisories/2009/1726","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51417","source":"cve@mitre.org"},{"url":"http://osticket.com/forums/project.php?issueid=118","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/35629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.exploit-db.com/exploits/9032","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.osvdb.org/55472","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/504615/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/35516","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id?1022480","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/1726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51417","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2010-0605","sourceIdentifier":"cve@mitre.org","published":"2010-02-11T17:30:00.877","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with \"Staff\" permissions, to execute arbitrary SQL commands via the input parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en scp/ajax.php en osTicket v1.6.0 Stable, permite a usuarios autenticados remotamente, con permisos de \"staff\", ejecutar comandos SQL de su elección a través del parámetro \"input\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:rc5:*:*:*:*:*:*","versionEndIncluding":"1.6","matchCriteriaId":"8063A165-A2AB-459E-B9FB-256F2A460004"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.2.7:*:*:*:*:*:*:*","matchCriteriaId":"BDF3C31C-6C9B-4557-972E-2AD115144539"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"FD3D8CEA-2CA0-4E7E-9FE0-F82CF0412041"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc1:*:*:*:*:*:*","matchCriteriaId":"3675BB37-2B02-400E-875C-5D3D83408ADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc2:*:*:*:*:*:*","matchCriteriaId":"10673CCF-5C3E-4371-B670-DEF7212DDCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc3:*:*:*:*:*:*","matchCriteriaId":"C5B3DF5B-1CAA-4F76-AD2A-F3A4988D47DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc4:*:*:*:*:*:*","matchCriteriaId":"2558F5AF-59B7-42C3-ABC3-0B936633D5A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:osticket:osticket:1:*:*:*:*:*:*:*","matchCriteriaId":"C0CEA985-2810-4828-A6EC-60E948AAEC77"}]}]}],"references":[{"url":"http://osticket.com/forums/project.php?issueid=176","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://secunia.com/advisories/38515","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.exploit-db.com/exploits/11380","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.securityfocus.com/bid/38166","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://osticket.com/forums/project.php?issueid=176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://secunia.com/advisories/38515","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.exploit-db.com/exploits/11380","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.securityfocus.com/bid/38166","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}},{"cve":{"id":"CVE-2010-0606","sourceIdentifier":"cve@mitre.org","published":"2010-02-11T17:30:00.907","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php."},{"lang":"es","value":"Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en scp/ajax.php en osTicket anterior a v1.6.0 Stable, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través del parámetro \"f\", posiblemente relacionado con un mensaje de error generado por scp/admin.php."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:rc5:*:*:*:*:*:*","versionEndIncluding":"1.6","matchCriteriaId":"8063A165-A2AB-459E-B9FB-256F2A460004"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.2.7:*:*:*:*:*:*:*","matchCriteriaId":"BDF3C31C-6C9B-4557-972E-2AD115144539"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"FD3D8CEA-2CA0-4E7E-9FE0-F82CF0412041"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc1:*:*:*:*:*:*","matchCriteriaId":"3675BB37-2B02-400E-875C-5D3D83408ADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc2:*:*:*:*:*:*","matchCriteriaId":"10673CCF-5C3E-4371-B670-DEF7212DDCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc3:*:*:*:*:*:*","matchCriteriaId":"C5B3DF5B-1CAA-4F76-AD2A-F3A4988D47DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc4:*:*:*:*:*:*","matchCriteriaId":"2558F5AF-59B7-42C3-ABC3-0B936633D5A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:osticket:osticket:1:*:*:*:*:*:*:*","matchCriteriaId":"C0CEA985-2810-4828-A6EC-60E948AAEC77"}]}]}],"references":[{"url":"http://osticket.com/forums/project.php?issueid=176","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://secunia.com/advisories/38515","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/38166","source":"cve@mitre.org"},{"url":"http://osticket.com/forums/project.php?issueid=176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://secunia.com/advisories/38515","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/38166","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2010-4634","sourceIdentifier":"cve@mitre.org","published":"2010-12-30T21:00:05.580","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439.  NOTE: this issue has been disputed by a reliable third party"},{"lang":"es","value":"** CONTROVERTIDO **  Vulnerabilidad de salto de directorio en osTicket 1.6. Permite a atacantes remotos leer ficheros arbitrariamente a través de .. (punto punto) en el paráemtro fichero de module.php, un vector diferente al de CVE-2005-1439.  NOTA: esta vulnerabilidad ha sido discutida por un tercero de confianza."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:*:*:*:*:*:*:*","matchCriteriaId":"A95BA812-8405-4F6C-86EC-8615C6169234"}]}]}],"references":[{"url":"http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt","source":"cve@mitre.org"},{"url":"http://www.attrition.org/pipermail/vim/2010-November/002468.html","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.attrition.org/pipermail/vim/2010-November/002469.html","source":"cve@mitre.org"},{"url":"http://www.exploit-db.com/exploits/15471","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/44739","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.attrition.org/pipermail/vim/2010-November/002468.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.attrition.org/pipermail/vim/2010-November/002469.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.exploit-db.com/exploits/15471","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/44739","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}},{"cve":{"id":"CVE-2014-4744","sourceIdentifier":"cve@mitre.org","published":"2014-07-09T14:55:04.343","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en osTicket anterior a 1.9.2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de los parámetros (1) Phone Number field en open.php o (2) Phone number field, (3) passwd1 field, (4) passwd2 field o (5) do en account.php."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.1","matchCriteriaId":"31DC4FA8-16F8-45F5-A344-9AF98784D4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.0:*:*:*:*:*:*:*","matchCriteriaId":"02D550AE-562C-4F75-808E-6F5C3F2DC3F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.2.7:*:*:*:*:*:*:*","matchCriteriaId":"BDF3C31C-6C9B-4557-972E-2AD115144539"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"FD3D8CEA-2CA0-4E7E-9FE0-F82CF0412041"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc1:*:*:*:*:*:*","matchCriteriaId":"3675BB37-2B02-400E-875C-5D3D83408ADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc2:*:*:*:*:*:*","matchCriteriaId":"10673CCF-5C3E-4371-B670-DEF7212DDCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc3:*:*:*:*:*:*","matchCriteriaId":"C5B3DF5B-1CAA-4F76-AD2A-F3A4988D47DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc4:*:*:*:*:*:*","matchCriteriaId":"2558F5AF-59B7-42C3-ABC3-0B936633D5A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc5:*:*:*:*:*:*","matchCriteriaId":"D857B226-2F53-40BA-A6FF-5ECA72F66A39"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6.0:*:*:*:*:*:*:*","matchCriteriaId":"1FD2A318-6DFB-4701-B7C0-2097DEBFF68D"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"A1380BD9-1950-46BF-A150-A5C7B3B122F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0:rc1:*:*:*:*:*:*","matchCriteriaId":"410E1DA8-D8DA-4925-9296-899AD7AFF1D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0:rc2:*:*:*:*:*:*","matchCriteriaId":"B5872239-C3D1-46F2-9AE1-E44711FCD276"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BDDA3155-5BE1-486F-8CD5-1CA152AC3BB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0.2:*:*:*:*:*:*:*","matchCriteriaId":"CA4BF6A3-23BF-4C80-B73A-1E476DA231D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0.3:*:*:*:*:*:*:*","matchCriteriaId":"65D56D66-F8BB-4DB5-A3B1-B8CD7F2710A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0.4:*:*:*:*:*:*:*","matchCriteriaId":"1185DBA7-AEA8-4347-8800-9926A7648525"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.1:*:*:*:*:*:*:*","matchCriteriaId":"471735B2-A4D3-4EF0-A388-0D54352CDEA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.1:developer_preview:*:*:*:*:*:*","matchCriteriaId":"32937B3C-A713-4CB5-A265-80B9F904B018"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.1:rc1:*:*:*:*:*:*","matchCriteriaId":"745EC140-694C-4EAF-9E27-E40FBDEE125B"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.1.1:*:*:*:*:*:*:*","matchCriteriaId":"BA8FFCFB-6E7E-45B7-9279-6D06C61ED934"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.1.2:*:*:*:*:*:*:*","matchCriteriaId":"CC9440ED-352C-49EF-80B1-97FAE6E72D5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.3:*:*:*:*:*:*:*","matchCriteriaId":"75828A46-0334-4ACF-A0FF-7F6EAB11E310"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"BDB01480-8551-42B2-8BA5-129BF566485E"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"6E9A63F4-A62E-4E88-8AD9-E37295BABB46"}]}]}],"references":[{"url":"http://secunia.com/advisories/59539","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/68500","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://secunia.com/advisories/59539","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/68500","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}},{"cve":{"id":"CVE-2015-1176","sourceIdentifier":"cve@mitre.org","published":"2015-01-23T15:59:11.070","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action."},{"lang":"es","value":"Vulnerabilidad de XSS en upload/scp/tickets.php en osTicket anterior a 1.9.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro status en una acción de búsqueda."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.4","matchCriteriaId":"DF4DF9EE-3B3B-450D-B3E6-FBBBEF6C1B70"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.securityfocus.com/archive/1/534526/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/72276","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://github.com/osTicket/osTicket-1.8/pull/1639","source":"cve@mitre.org"},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.securityfocus.com/archive/1/534526/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/72276","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://github.com/osTicket/osTicket-1.8/pull/1639","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2015-1347","sourceIdentifier":"cve@mitre.org","published":"2015-01-23T15:59:14.147","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."},{"lang":"es","value":"Vulnerabilidad de XSS en client.inc.php en osTicket anterior a 1.9.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro lang."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.5","matchCriteriaId":"8B1583D6-BE11-4FAC-96EF-805F3385738F"}]}]}],"references":[{"url":"https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1","source":"cve@mitre.org"},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1","source":"cve@mitre.org"},{"url":"https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2018-7192","sourceIdentifier":"cve@mitre.org","published":"2018-03-27T17:29:00.493","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"message\" parameter."},{"lang":"es","value":"Vulnerabilidad de Cross-Site Scripting (XSS) en /ajax.php/form/help-topic en Enhancesoft osTicket, en versiones anteriores a la 1.10.2, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro \"message\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"D6815DB0-3377-4FF8-9677-3DCF6F6E8839"}]}]}],"references":[{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-7193","sourceIdentifier":"cve@mitre.org","published":"2018-03-27T17:29:00.553","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"order\" parameter."},{"lang":"es","value":"Vulnerabilidad de Cross-Site Scripting (XSS) en /scp/directory.php en Enhancesoft osTicket, en versiones anteriores a la 1.10.2, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro \"order\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"D6815DB0-3377-4FF8-9677-3DCF6F6E8839"}]}]}],"references":[{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-7194","sourceIdentifier":"cve@mitre.org","published":"2018-03-27T17:29:00.600","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting."},{"lang":"es","value":"Vulnerabilidad de formato de enteros en el generador de números de ticket en versiones anteriores a la 1.10.2 de Enhancesoft osTicket permite que atacantes remotos provoquen una denegación de servicio (evitando la creación de nuevos tickets) mediante un gran número de dígitos en los ajustes de formato de números de tickets."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"D6815DB0-3377-4FF8-9677-3DCF6F6E8839"}]}]}],"references":[{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-7195","sourceIdentifier":"cve@mitre.org","published":"2018-03-27T17:29:00.647","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number."},{"lang":"es","value":"Enhancesoft osTicket en versiones anteriores a la 1.10.2 permite que atacantes remotos restablezcan contraseñas arbitrarias (cuando se conoce una dirección de correo electrónico asociada), aprovechando el acceso de invitado y adivinando un número de 6 dígitos."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"D6815DB0-3377-4FF8-9677-3DCF6F6E8839"}]}]}],"references":[{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-7196","sourceIdentifier":"cve@mitre.org","published":"2018-03-27T17:29:00.710","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"sort\" parameter."},{"lang":"es","value":"Vulnerabilidad de Cross-Site Scripting (XSS) en /scp/index.php en Enhancesoft osTicket, en versiones anteriores a la 1.10.2, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro \"sort\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"D6815DB0-3377-4FF8-9677-3DCF6F6E8839"}]}]}],"references":[{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-11537","sourceIdentifier":"cve@mitre.org","published":"2019-04-25T19:29:01.143","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion."},{"lang":"es","value":"En osTicket versiones anteriores a 1.12, tiene una vulnerabilidad de Cross-Site Scripting (XSS) a través de /upload/file.php, /upload/scp/users.php?do=import-users, y /upload/scp/ajax.php/users/import si un usuario del gestor de agentes sube un archivo.csv creado al User Importer, en el contenido del archivo puede aparecer un mensaje de error. El XSS puede conducir a la inclusión de archivos locales."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.12","matchCriteriaId":"7FE0F679-EA95-4728-AD32-0768F4E213C5"}]}]}],"references":[{"url":"https://github.com/osTicket/osTicket/pull/4869","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/46753","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/46753/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/pull/4869","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/46753","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/46753/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2019-14748","sourceIdentifier":"cve@mitre.org","published":"2019-08-07T17:15:12.417","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment."},{"lang":"es","value":"Se detectó un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. El formulario de creación de Ticket permite a los usuarios cargar archivos en conjunto con consultas. Se encontró que la funcionalidad file-upload presenta menos (o ninguna) mitigaciones implementadas para las comprobaciones de contenido de archivos; además, la salida no se maneja apropiadamente, causando una vulnerabilidad de tipo XSS persistente que conlleva al robo de cookies o acciones maliciosas. Por ejemplo, un usuario que no sea agente puede cargar un archivo .html y Content-Disposition será ajustado a inline en lugar de attachment."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.7","matchCriteriaId":"F4C67250-AA50-471C-9356-4C2DB0A3EA98"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionStartIncluding":"1.12","versionEndExcluding":"1.12.1","matchCriteriaId":"83439B7B-7744-4C7D-ABFB-BA2F3F8DEA5A"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47224","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47224","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2019-14749","sourceIdentifier":"cve@mitre.org","published":"2019-08-07T17:15:12.480","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected."},{"lang":"es","value":"Se detectó un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. Una inyección CSV (también se conoce como Formula) se presenta en la funcionalidad export spreadsheets. Estas hojas de cálculo se generan dinámicamente a partir de la entrada de usuario no comprobada o no filtrada en los campos Name y Internal Notes de la pestaña Users y el campo Issue Summary de la pestaña Tickets. Esto permite a otros agentes descargar datos en formato de archivo .csv o .xls. Esto es usado como entrada para aplicaciones de hoja de cálculo como Excel y OpenOffice Calc, lo que resulta en una situación en la que las celdas de las hojas de cálculo pueden contener entradas de una fuente no confiable. Como resultado, el usuario final que accede a la hoja de cálculo exportada puede estar afectado."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1236"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.7","matchCriteriaId":"F4C67250-AA50-471C-9356-4C2DB0A3EA98"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionStartIncluding":"1.12","versionEndExcluding":"1.12.1","matchCriteriaId":"83439B7B-7744-4C7D-ABFB-BA2F3F8DEA5A"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47225","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47225","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2019-14750","sourceIdentifier":"cve@mitre.org","published":"2019-08-07T17:15:12.557","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions."},{"lang":"es","value":"Se detectó un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. Se presenta una vulnerabilidad de tipo XSS Almacenado en el archivo setup/install.php. Se observó que no fue proporcionado ningún saneamiento de entrada en los campos de firstname y lastname. La inserción de consultas maliciosas en esos campos conlleva a la ejecución de esas consultas. Esto puede conllevar aún más al robo de cookies u otras acciones maliciosas."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.7","matchCriteriaId":"F4C67250-AA50-471C-9356-4C2DB0A3EA98"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionStartIncluding":"1.12","versionEndExcluding":"1.12.1","matchCriteriaId":"83439B7B-7744-4C7D-ABFB-BA2F3F8DEA5A"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47226","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47226","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2020-16193","sourceIdentifier":"cve@mitre.org","published":"2020-08-26T12:15:13.357","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call."},{"lang":"es","value":"osTicket versiones anteriores a 1.14.3, permite un ataque de tipo XSS porque el archivo include/staff/banrule.inc.php presenta una llamada $info [\"notes\"] eco no comprobada"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.14.3","matchCriteriaId":"AD9ACBA3-9382-444B-84F8-2859021D25F3"}]}]}],"references":[{"url":"https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-24917","sourceIdentifier":"cve@mitre.org","published":"2020-08-30T16:15:14.230","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php."},{"lang":"es","value":"osTicket versiones anteriores a 1.14.3, permite un ataque XSS por medio de un nombre de archivo diseñado en la función DraftAjaxAPI::_uploadInlineImage() en el archivo include/ajax.draft.php"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.14.3","matchCriteriaId":"AD9ACBA3-9382-444B-84F8-2859021D25F3"}]}]}],"references":[{"url":"https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://sisl.lab.uic.edu/projects/chess/osticket-xss/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://sisl.lab.uic.edu/projects/chess/osticket-xss/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-24881","sourceIdentifier":"cve@mitre.org","published":"2020-11-02T21:15:26.680","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning."},{"lang":"es","value":"Una vulnerabilidad de tipo SSRF se presenta en osTicket versiones anteriores a 1.14.3, donde un atacante puede agregar un archivo malicioso al servidor o llevar a cabo un escaneo de puertos"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.14.3","matchCriteriaId":"AD9ACBA3-9382-444B-84F8-2859021D25F3"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-32074","sourceIdentifier":"cve@mitre.org","published":"2022-07-13T16:15:08.900","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file."},{"lang":"es","value":"Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en el componente audit/class.audit.php de osTicket-plugins - Storage-FS versiones anteriores al commit a7842d494889fd5533d13deb3c6a7789768795ae, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de un archivo SVG manipulado"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"2022-05-19","matchCriteriaId":"6336A5DD-C366-4235-BF7B-1D7D3D01B072"}]}]}],"references":[{"url":"https://github.com/osTicket/osTicket-plugins","source":"cve@mitre.org","tags":["Product","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://owasp.org/www-community/attacks/xss/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket-plugins","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://owasp.org/www-community/attacks/xss/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-26241","sourceIdentifier":"cve@mitre.org","published":"2025-05-05T16:15:50.750","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability in the \"Search\" functionality of \"tickets.php\" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the \"keywords\" and \"topic_id\" URL parameters combination."},{"lang":"es","value":"Una vulnerabilidad de inyección SQL en la funcionalidad \"Search\" de la página \"tickets.php\" en osTicket &lt;=1.17.5 permite a atacantes autenticados ejecutar comandos SQL arbitrarios a través de la combinación de parámetros de URL \"keywords\" y \"topic_id\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-05-05T17:36:30.209895Z","id":"CVE-2025-26241","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.17.5","matchCriteriaId":"BF4D2A1D-E4AF-42C3-ABB0-E297CD01D863"}]}]}],"references":[{"url":"https://members.backbox.org/osticket-sql-injection-bypass/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-8889","sourceIdentifier":"contact@wpscan.com","published":"2025-09-09T06:15:32.370","lastModified":"2026-07-10T15:38:30.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)"}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Compress & Upload","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.0.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-09-09T19:36:31.528158Z","id":"CVE-2025-8889","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eliehanna:compress_\\&_upload:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.0.5","matchCriteriaId":"CCB3E97E-8BC2-4CAD-9FC3-C7ED65E54489"}]}]}],"references":[{"url":"https://wpscan.com/vulnerability/5d84a577-62aa-4aa2-ac39-b146eae65243/","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-37094","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-02-03T22:16:25.673","lastModified":"2026-07-10T15:16:35.133","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token reuse vulnerability that allows authenticated attackers to bypass two-factor authentication by exploiting token-to-password-hash mapping in application/Espo/Core/Utils/Authentication/Espo.php. Attackers can obtain an authentication token for a controlled account and replay it against any victim account sharing the same password, since tokens are bound to password hashes rather than unique per-user values, bypassing the victim's 2FA protections."},{"lang":"es","value":"EspoCRM 5.8.5 contiene una vulnerabilidad de autenticación que permite a los atacantes acceder a otras cuentas de usuario manipulando los encabezados de autorización. Los atacantes pueden decodificar y modificar los tokens Basic Authorization y Espo-Authorization para obtener acceso no autorizado a información y privilegios de usuarios administrativos."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"EspoCRM","product":"EspoCRM","defaultStatus":"unaffected","repo":"https://github.com/espocrm/espocrm","versions":[{"version":"5.7.0","lessThan":"5.9.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-04T19:36:20.554721Z","id":"CVE-2020-37094","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-303"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*","versionEndIncluding":"5.8.5","matchCriteriaId":"534BF0F6-C81A-445E-ACAA-2E5B08832ABF"}]}]}],"references":[{"url":"https://github.com/espocrm/espocrm/commit/b299220dd0c7acdaa1ed8be8ffd79c7985093c7a","source":"disclosure@vulncheck.com"},{"url":"https://www.espocrm.com","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.exploit-db.com/exploits/48376","source":"disclosure@vulncheck.com","tags":["Exploit","VDB Entry"]},{"url":"https://www.vulncheck.com/advisories/espocrm-two-factor-auth-bypass-via-auth-token-reuse-between-accounts-with-identical-passwords","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-11332","sourceIdentifier":"secalert@redhat.com","published":"2026-06-05T09:16:26.070","lastModified":"2026-07-10T16:16:23.310","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mta/mta-rhel9-operator","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Migration Toolkit for Virtualization","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"migration-toolkit-virtualization/mtv-rhel9-operator","cpes":["cpe:/a:redhat:migration_toolkit_virtualization:2"]},{"vendor":"Red Hat","product":"Migration Toolkit for Virtualization","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mtv-candidate/mtv-rhel9-operator","cpes":["cpe:/a:redhat:migration_toolkit_virtualization:2"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/kiali-rhel9-operator","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/volsync-operator-bundle","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/volsync-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-24/lightspeed-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-25/lightspeed-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/controller-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/de-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/de-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/eda-controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/eda-controller-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/ee-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/ee-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/gateway-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/hub-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/hub-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/lightspeed-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/lightspeed-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/platform-resource-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/platform-resource-runner-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/aap-cloud-billing-operator-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/controller-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/de-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/de-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/eda-controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/eda-controller-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/ee-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/ee-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/gateway-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/hub-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/hub-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/lightspeed-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/lightspeed-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/metrics-service-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/platform-resource-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/platform-resource-runner-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/ansible-devspaces-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/metrics-service-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-core","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform Ansible Core 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/ee-minimal-rhel8","cpes":["cpe:/a:redhat:ansible_core:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform Ansible Core 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/ee-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_core:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform Ansible Core 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/ee-minimal-rhel8","cpes":["cpe:/a:redhat:ansible_core:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform Ansible Core 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/ee-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_core:2"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-core","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-core","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-core","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-ansible-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-core","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/bootc-automation-portal-rhel9","cpes":["cpe:/a:redhat:ansible_portal:2"]},{"vendor":"Red Hat","product":"Service Telemetry Framework 1.5","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"stf/service-telemetry-rhel9-operator","cpes":["cpe:/a:redhat:stf:1.5"]},{"vendor":"Red Hat","product":"Service Telemetry Framework 1.5","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"stf/smart-gateway-rhel9-operator","cpes":["cpe:/a:redhat:stf:1.5"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-05T15:43:53.403669Z","id":"CVE-2026-11332","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-11332","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485379","source":"secalert@redhat.com"},{"url":"https://github.com/ansible/ansible","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-11332","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485379","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-11332.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-0270","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-10T22:16:53.953","lastModified":"2026-07-10T18:16:05.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux  allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cortex XSOAR","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"8.13","lessThan":"8.13.0.11","versionType":"custom","status":"affected","changes":[{"at":"8.13.0.11","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cortex XSOAR","defaultStatus":"unaffected","versions":[{"version":"8.12.0","versionType":"custom","status":"affected"},{"version":"8.11.0","versionType":"custom","status":"affected"},{"version":"8.10.0","versionType":"custom","status":"affected"},{"version":"6.14.0","versionType":"custom","status":"unaffected"},{"version":"6.13.0","versionType":"custom","status":"unaffected"},{"version":"6.12.0","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Amber","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T00:00:00+00:00","id":"CVE-2026-0270","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xsoar:*:*:*:*:*:*:*:*","versionStartIncluding":"8.10.0","versionEndExcluding":"8.13.0.11","matchCriteriaId":"A16792C5-B73E-46EA-8A84-28FFA512DB7A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-4559","source":"psirt@paloaltonetworks.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://security.paloaltonetworks.com/CVE-2026-0270","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0271","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-10T22:16:54.110","lastModified":"2026-07-10T18:18:00.457","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"0","lessThan":"26.2.1","versionType":"custom","status":"affected","changes":[{"at":"26.2.1","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["macOS","Windows","iOS","Android","Chrome OS"],"versions":[{"version":"All","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T13:48:10.520535Z","id":"CVE-2026-0271","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:prisma_access_agent:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.1","matchCriteriaId":"55CDB450-F60C-4E24-9580-6E9B787B1FB1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0271","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0272","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-10T22:16:54.270","lastModified":"2026-07-10T18:19:43.617","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.\n\n\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW, and Prisma® Access are not impacted by this vulnerability."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","defaultStatus":"unaffected","versions":[{"version":"All","versionType":"custom","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"PAN-OS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"12.1.0","lessThan":"12.1.4-h7","versionType":"custom","status":"affected","changes":[{"at":"12.1.4-h7","status":"unaffected"},{"at":"12.1.5","status":"unaffected"}]},{"version":"11.2.0","lessThan":"11.2.4-h18","versionType":"custom","status":"affected","changes":[{"at":"11.2.4-h18","status":"unaffected"},{"at":"11.2.7-h16","status":"unaffected"},{"at":"11.2.10-h9","status":"unaffected"},{"at":"11.2.11","status":"unaffected"}]},{"version":"11.1.0","lessThan":"11.1.4-h34","versionType":"custom","status":"affected","changes":[{"at":"11.1.4-h34","status":"unaffected"},{"at":"11.1.6-h33","status":"unaffected"},{"at":"11.1.7-h7","status":"unaffected"},{"at":"11.1.10-h27","status":"unaffected"},{"at":"11.1.13-h7","status":"unaffected"},{"at":"11.1.14","status":"unaffected"}]},{"version":"10.2.0","lessThan":"10.2.7-h35","versionType":"custom","status":"affected","changes":[{"at":"10.2.7-h35","status":"unaffected"},{"at":"10.2.10-h37","status":"unaffected"},{"at":"10.2.13-h22","status":"unaffected"},{"at":"10.2.16-h8","status":"unaffected"},{"at":"10.2.18-h5","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","defaultStatus":"unaffected","versions":[{"version":"All","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T03:55:35.701340Z","id":"CVE-2026-0272","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.7","matchCriteriaId":"243077CD-5021-4DF3-8AC7-5B14F7FD9710"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.8","versionEndExcluding":"10.2.10","matchCriteriaId":"F5A3E6A6-EE04-409C-AE6F-FC1ACE4C4666"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.11","versionEndExcluding":"10.2.13","matchCriteriaId":"CD4B8D09-F2B3-4C9A-A583-46DE85D9D43E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.14","versionEndExcluding":"10.2.16","matchCriteriaId":"4386D092-83D6-4914-8C26-3A1EE056FEC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","matchCriteriaId":"A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"EFB63AFC-C3EC-4D1A-BC4A-810662AD16BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"E67DEF1D-8674-41E8-AA07-0499DCCFD67A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"AA4994CB-6591-4B44-A5D7-3CDF540B97DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"71EB32DA-D82F-49DD-B06F-7F10F08F740E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","matchCriteriaId":"BF05E61D-0EC2-4755-8FCF-12E102A4D8FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","matchCriteriaId":"22ED8EDB-5549-4D29-90D2-FFE33D030912"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","matchCriteriaId":"A6AB7874-FE24-42AC-8E3A-822A70722126"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","matchCriteriaId":"61B69220-4155-4462-A133-CE7A54747B83"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","matchCriteriaId":"34B083B9-CC1B-43CD-9A16-C018F7FA2DDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","matchCriteriaId":"0D88CC33-7E32-4E82-8A94-70759E910510"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"FA109AEA-0015-4EAA-BD86-F070FEEA2DF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","matchCriteriaId":"F90EF82F-1CC6-44B4-AFF9-02DF4EE84F81"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*","matchCriteriaId":"FA91A4E9-CE1E-4CB8-B717-4B0E314C0171"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*","matchCriteriaId":"6B4D43CC-1B4E-4380-B4A2-487870EFC5B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*","matchCriteriaId":"DF7382E1-0678-40BC-8964-9D00F6C4C6F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*","matchCriteriaId":"28994519-3519-4E94-8D8B-7C4251A82B8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"776E06EC-2FDA-4664-AB43-9F6BE9B897CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:*","matchCriteriaId":"53981EA8-847F-4FBC-BA55-8EDF591E0FF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h34:*:*:*:*:*:*","matchCriteriaId":"8585BA8F-2AA0-4413-81A1-927FE523598C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"20A2E1F0-8303-483F-9199-9FE257B8A228"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","matchCriteriaId":"3AF4AB7F-F9B0-4DC4-BFC5-8FC60CE65A9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","matchCriteriaId":"CBE09375-A863-42FF-813F-C20679D7C45C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"0247BDD2-714F-4FFD-9433-FEC7747B30D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"1311961A-0EF6-488E-B0C2-EDBD508587C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","matchCriteriaId":"C779DF2B-D72A-4327-8AD8-3EA6751741F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","matchCriteriaId":"03C5ABF2-8C53-4376-8A64-6CB34E18E77C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"64F22CCE-6EAF-403B-B522-C11085410C65"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","matchCriteriaId":"FF7FCD8B-80DF-4004-A9D2-4EE884F089A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","matchCriteriaId":"15F5A583-A213-475E-8305-B8087DADCABF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","matchCriteriaId":"83C9637A-B615-4CC2-84AA-BDCFE611484C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","matchCriteriaId":"7EB3881C-B255-41AD-B61F-C14743824A3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*","matchCriteriaId":"224270A7-767D-433B-AD51-C031506747C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*","matchCriteriaId":"A532EFC6-A883-4279-8C05-9CD600B3F963"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*","matchCriteriaId":"F4F20C02-DF90-4609-9254-B765481C83E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"872BC747-512A-4872-AC86-E7F1DC589F47"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*","matchCriteriaId":"E5E36C87-E01D-49DC-AB73-10E5EE27F596"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*","matchCriteriaId":"39437442-B24D-492F-B637-2203492327FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"67F527D0-F85B-4B83-AEA5-BA636FC89210"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*","matchCriteriaId":"984BE1FB-ADB7-4831-AEDD-39DBAED078B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*","matchCriteriaId":"AF2C954D-9763-41E3-A132-F83C82E79BC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h36:*:*:*:*:*:*","matchCriteriaId":"A963ECCF-0B20-4395-A8B0-BFFCD62598C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"6CF8F985-7E51-49E6-857A-FAAF027F5611"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"B437DCEA-ABA3-41CA-B320-97EC430F1122"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"223673C1-9327-4C12-BF02-7447D2CAD16C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"593AFE7A-CB37-4156-A2B8-646A317F3176"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*","matchCriteriaId":"C2B871A6-0636-42A0-9573-6F693D7753AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*","matchCriteriaId":"F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:*","matchCriteriaId":"F3F8462A-71C0-4F81-9882-C73BC90697CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h15:*:*:*:*:*:*","matchCriteriaId":"85653992-4FBF-445C-881B-5F2494B597BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:*","matchCriteriaId":"C1B72E68-2D01-483F-BEC5-59C49E96B976"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:*","matchCriteriaId":"E49419C4-9AFE-4B7F-90EF-DB50EBB608D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*","matchCriteriaId":"60CE628F-C4CB-4342-8D71-DE61A089B612"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h21:*:*:*:*:*:*","matchCriteriaId":"7050FB97-DAA8-4A15-A253-23AADE921960"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*","matchCriteriaId":"2447D2B1-A145-4036-B9F2-17648B193465"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*","matchCriteriaId":"C24353AF-DC81-49B9-9132-9EEC8E6009BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:*","matchCriteriaId":"B4420489-AE0F-4A48-B2CE-C165BEBFA6A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:*","matchCriteriaId":"C45D8DF1-9483-4B24-AB94-B1FF4A5F2606"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:*","matchCriteriaId":"BC38A9CD-CDB6-423A-BE8D-2E0E45A3B239"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:*","matchCriteriaId":"41B48ECA-FD05-4EA2-B1C9-771624EAAFF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:*","matchCriteriaId":"4D65D1F0-323E-41AF-962E-1F9741748A76"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:*","matchCriteriaId":"D5D41E00-D517-4B81-A7FC-C8E101884807"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h7:*:*:*:*:*:*","matchCriteriaId":"4607BEE9-193E-43A7-944C-031E956DAB85"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:*:*:*:*:*:*:*","matchCriteriaId":"8A30968E-901A-49AE-94B0-C44A5257AADB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:*","matchCriteriaId":"745A3A2A-73CF-4DC2-968B-ACFC66389E11"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.4","matchCriteriaId":"459485B4-47FF-4A5F-9249-AE0445A0096A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.8","versionEndExcluding":"11.1.10","matchCriteriaId":"45D0EA32-45AE-4411-8E14-43B74715387C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.11","versionEndExcluding":"11.1.13","matchCriteriaId":"D9CE1AA7-46F4-4740-BF21-EE6732134D57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","matchCriteriaId":"DF83EAA1-49E1-4AD0-A049-F1B3065950BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","matchCriteriaId":"BE3F7369-9F35-409A-9F47-45A959592DFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*","matchCriteriaId":"6650937C-D778-4B5D-AA28-E7DA96DDAB7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*","matchCriteriaId":"DB835E23-6984-413D-A870-8734E626D219"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*","matchCriteriaId":"FD247097-EEC7-48E7-9C14-3314900BD5F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*","matchCriteriaId":"FD701663-4C57-4115-BD59-9DFFB504E2AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*","matchCriteriaId":"82816C09-6A9D-4AB2-AA55-62CC714CCA82"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:*","matchCriteriaId":"A5A3CEBF-9F8A-47F9-A302-7C395F2A8146"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:*","matchCriteriaId":"A79B51D2-74E8-4BA3-AE33-829A9C1776E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"83A04AA3-4B6C-4B75-9797-74FA230FD299"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:*","matchCriteriaId":"E08297B1-95E9-4730-B59D-252B958C4199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:*","matchCriteriaId":"B56B153E-8693-4257-9E33-38904A949ED8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"AECB34F6-76F3-46E4-8F08-8570247AC281"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:*","matchCriteriaId":"A220ED95-5E1A-45AA-85BD-8A58CFC6C697"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","matchCriteriaId":"E9DB4DA9-2262-4E9E-B3A1-49D261D01295"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"552C1E17-E4A7-462C-97E4-AF14C00B89FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","matchCriteriaId":"1EB942A4-026C-494D-A1DD-96259354CB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","matchCriteriaId":"4852E738-990C-4DD2-8252-D4625D843A99"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","matchCriteriaId":"010E5816-BB0D-438B-A280-AF35B435DCFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*","matchCriteriaId":"CB2C59F8-2583-4510-90F8-500F8329AFFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","matchCriteriaId":"7C31ACD7-46AB-4092-89F3-7B4C9B642199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","matchCriteriaId":"52C50A07-F4D8-4F1F-BA61-3429BB1721BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*","matchCriteriaId":"9D12FF27-C186-467C-8627-1284EBC67243"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:*","matchCriteriaId":"AF4AA997-35BC-4BC1-9EF2-644503B2D806"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:*","matchCriteriaId":"12EF4DDF-9773-4B02-8FF4-F94A1D49E6AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:*","matchCriteriaId":"8FAE17BB-7938-41D0-8D62-46F829C647BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h18:*:*:*:*:*:*","matchCriteriaId":"2682D64E-79A4-4522-8742-7EF1637764AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:*","matchCriteriaId":"6DA5A0AD-C4FB-4210-8651-F94F2875A0EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*","matchCriteriaId":"45D633D7-A4B5-4D68-9BAB-D9BA25877F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:*","matchCriteriaId":"B79DB477-A907-4300-A651-16F93880B049"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:*","matchCriteriaId":"AF74D8FA-677F-484D-9338-A1761614FFD6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:*","matchCriteriaId":"F9FC5118-4056-4E22-A1F0-D6FFA2B88472"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:*","matchCriteriaId":"5E7A808F-F52F-4786-950C-591CCADB2EE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:*","matchCriteriaId":"0CA82012-AA59-44C1-BB9D-0B28764D507E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:*","matchCriteriaId":"27233F80-A620-42D3-927D-4FCDE6345456"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*","matchCriteriaId":"63729FA6-ED2A-4593-9436-232F282A0A78"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h32:*:*:*:*:*:*","matchCriteriaId":"33BF6023-0112-49BB-B378-6F4022B6A028"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h34:*:*:*:*:*:*","matchCriteriaId":"6F6C4DE2-32FC-42C4-87E6-FCAD39322740"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*","matchCriteriaId":"F39792EF-61B5-4874-9FD0-7544F8C5C0D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:*","matchCriteriaId":"4A06B6F4-DCAE-4115-93D4-25D0A37AAB9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:*","matchCriteriaId":"91529C45-FA55-4844-A153-682F729F440D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:*:*:*:*:*:*","matchCriteriaId":"64B56778-2698-493D-80AD-B4AE81F48124"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1:*:*:*:*:*:*","matchCriteriaId":"0A9D3E2E-BA37-4F2A-BD43-97DD93E43D08"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h2:*:*:*:*:*:*","matchCriteriaId":"9DCE8F6C-541E-4C61-ABC8-4A618B0DD58D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h4:*:*:*:*:*:*","matchCriteriaId":"1E5EF79B-1A25-4AAB-AF2E-D151359E7FFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h6:*:*:*:*:*:*","matchCriteriaId":"E84BA989-C826-4AC8-8152-58ED47437D1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:*","matchCriteriaId":"A92886DF-C989-47AD-8F68-8F468BBC6E57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:*","matchCriteriaId":"9893920B-A00E-4890-A897-EE1CF0751BA0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:*","matchCriteriaId":"D1289923-12D8-4FDD-B18B-C52516F14922"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:*","matchCriteriaId":"AFC923D7-672D-4556-8344-BBD285324067"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:*","matchCriteriaId":"E1510DE9-04A3-4E08-872D-C0F6041BCFCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h25:*:*:*:*:*:*","matchCriteriaId":"2FA04925-5B8A-439E-AECD-1BDFD83F69C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h26:*:*:*:*:*:*","matchCriteriaId":"424C66D4-97F6-408A-B3AE-FE1A90E3ACE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h27:*:*:*:*:*:*","matchCriteriaId":"8AC1F50E-E6C2-4008-9955-7473DB169171"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h28:*:*:*:*:*:*","matchCriteriaId":"6748CF45-9C54-4BB8-936D-C96F0FCA71BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:*","matchCriteriaId":"31CD3B15-2CE0-404A-9542-9C39B8E71027"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:*","matchCriteriaId":"0194DA0B-041A-4810-8BFB-2308290517B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:*","matchCriteriaId":"69E64D86-034F-4BC7-9A4E-2703D834EBC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:*","matchCriteriaId":"B992628F-1114-4FC8-9364-800ACE997044"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:*","matchCriteriaId":"9223B0D4-6194-4684-8EF4-84A0EF511D8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:*","matchCriteriaId":"CB16C018-2B70-4F4D-9025-69FF82CD40F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:*","matchCriteriaId":"1259B519-130D-4584-86AA-E4EA1E89ACB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:*","matchCriteriaId":"0DCA6D54-E623-4985-B35F-AC98299828EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h5:*:*:*:*:*:*","matchCriteriaId":"8EF755C9-3BCE-4194-A74E-7D12F524929A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h6:*:*:*:*:*:*","matchCriteriaId":"7736DCE5-2943-4EF6-B9D3-B69CB59DB078"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.4","matchCriteriaId":"7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.5","versionEndExcluding":"11.2.7","matchCriteriaId":"A52983E4-71BF-46D7-8A4A-D199F7DCAA36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.8","versionEndExcluding":"11.2.10","matchCriteriaId":"85010E8F-E824-4C69-9B59-58DB01789ECB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","matchCriteriaId":"C01AD190-F3C2-4349-A063-8C5C78B725B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*","matchCriteriaId":"30F4CD1C-6862-4279-8D2D-40B4D164222F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:*","matchCriteriaId":"8137F3AF-BA32-41BC-AD2E-A668FFA33892"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:*","matchCriteriaId":"8C977AF0-D2B0-401A-A7C5-A1C71AC3C072"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:*","matchCriteriaId":"B9C0A53F-2AFE-4B0D-AEC1-464E6001E02F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:*","matchCriteriaId":"D720448D-F40B-4C92-9101-A48AC36C9CBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:*","matchCriteriaId":"5F12F7AC-D5B3-499E-87DA-27427D8BFFC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h17:*:*:*:*:*:*","matchCriteriaId":"37F41E72-9690-4BB2-BD60-0B06A7DE2329"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*","matchCriteriaId":"A52B7A7A-483A-4075-B1E9-5C14B66F7FC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*","matchCriteriaId":"6E46608E-682E-47B8-B810-8714571286C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:*","matchCriteriaId":"76949F0F-2ADC-492F-83F0-0A1B0E861F97"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:*","matchCriteriaId":"C1DD83BC-4E8E-4C1D-80C7-A6209B4E70CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:*","matchCriteriaId":"73888909-64C5-41BC-BAE0-BD9BDEEAF723"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:*","matchCriteriaId":"E7861D82-815D-4894-9E11-1B6B1E66CDEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:*","matchCriteriaId":"D269E33D-9A79-40CC-B79A-C9A398AB7AFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:*","matchCriteriaId":"9762E441-856F-466F-812C-798CA2EEF965"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*","matchCriteriaId":"0A25C9D9-BC83-49AE-BEE7-EF05F8336B01"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"A93C2B58-EC78-4C3D-89FF-35D9C489E39F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"A32E35C0-913E-4348-8AD4-E1F169C40C92"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"39112398-2A93-4E26-A7DF-0E3FA81C5130"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"C88442D1-599F-411D-B7A2-E17AA839F177"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"B3B538CC-6EA0-4555-B828-18A55997F454"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h14:*:*:*:*:*:*","matchCriteriaId":"A50BD9F2-F961-4ACE-9FDB-456E92692AE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h15:*:*:*:*:*:*","matchCriteriaId":"DF22EEA1-B00E-4A5F-87FB-60AD7A5A762B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"D12C3EB6-842E-4378-896C-FDBB2BC75D10"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"86B41903-FF08-454D-B626-184CB73B122E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"396DC378-7716-40F6-88A4-99299A16CAF1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"5E5C6E3A-262C-4212-B21C-00E8079AA8CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"4C855108-D3C9-4DE3-B9F4-9735A0A439AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:*","matchCriteriaId":"051673AB-50BF-4DD0-8679-F5825520241A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"BAC15D8A-83CA-413F-BA2B-17EC2B169F6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"70B3EB0C-87F1-46C2-B95C-C5808E473BD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"073BF631-451B-4DFC-B23C-F0F68C2450F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"13AA1BEF-F2F6-4534-89F3-DF4E79217978"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"CBFDE611-4981-4D92-ABAF-858DF132535F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"AAEA66F4-81AC-49C3-81B1-65EF5F16951A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"09187411-13D4-4F5C-AF42-0716F3C96129"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h8:*:*:*:*:*:*","matchCriteriaId":"019D37D8-94E4-4228-BCE3-A08E842AE1D1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.2","versionEndExcluding":"12.1.4","matchCriteriaId":"43E1ADA0-0B71-4C1D-B53E-AA063BBCB827"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:*","matchCriteriaId":"8C1ADE94-3F05-48EE-94E0-FD6EB682705C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"F727C18E-1C8D-448A-954C-073294FBC65C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"7E492BE6-EB2E-4616-85EA-3B389741301B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"E5F85240-989D-4E2D-B2D0-F0F35E0590A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h6:*:*:*:*:*:*","matchCriteriaId":"3D64D659-40F8-4A02-8385-954BE50C22CE"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0272","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0273","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-10T22:16:54.730","lastModified":"2026-07-10T18:28:08.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","defaultStatus":"unaffected","versions":[{"version":"All","versionType":"custom","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"PAN-OS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"12.1.0","lessThan":"12.1.4-h7","versionType":"custom","status":"affected","changes":[{"at":"12.1.4-h7","status":"unaffected"},{"at":"12.1.7","status":"unaffected"}]},{"version":"11.2.0","lessThan":"11.2.4-h18","versionType":"custom","status":"affected","changes":[{"at":"11.2.4-h18","status":"unaffected"},{"at":"11.2.7-h16","status":"unaffected"},{"at":"11.2.10-h9","status":"unaffected"},{"at":"11.2.12","status":"unaffected"}]},{"version":"11.1.0","lessThan":"11.1.4-h34","versionType":"custom","status":"affected","changes":[{"at":"11.1.4-h34","status":"unaffected"},{"at":"11.1.6-h33","status":"unaffected"},{"at":"11.1.7-h7","status":"unaffected"},{"at":"11.1.10-h27","status":"unaffected"},{"at":"11.1.13-h7","status":"unaffected"},{"at":"11.1.15","status":"unaffected"}]},{"version":"10.2.0","lessThan":"10.2.7-h35","versionType":"custom","status":"affected","changes":[{"at":"10.2.7-h35","status":"unaffected"},{"at":"10.2.10-h37","status":"unaffected"},{"at":"10.2.13-h22","status":"unaffected"},{"at":"10.2.16-h8","status":"unaffected"},{"at":"10.2.18-h7","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","defaultStatus":"unaffected","versions":[{"version":"All","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T03:55:36.838015Z","id":"CVE-2026-0273","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.7","matchCriteriaId":"243077CD-5021-4DF3-8AC7-5B14F7FD9710"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.8","versionEndExcluding":"10.2.10","matchCriteriaId":"F5A3E6A6-EE04-409C-AE6F-FC1ACE4C4666"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.11","versionEndExcluding":"10.2.13","matchCriteriaId":"CD4B8D09-F2B3-4C9A-A583-46DE85D9D43E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.14","versionEndExcluding":"10.2.16","matchCriteriaId":"4386D092-83D6-4914-8C26-3A1EE056FEC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","matchCriteriaId":"A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"EFB63AFC-C3EC-4D1A-BC4A-810662AD16BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"E67DEF1D-8674-41E8-AA07-0499DCCFD67A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"AA4994CB-6591-4B44-A5D7-3CDF540B97DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"71EB32DA-D82F-49DD-B06F-7F10F08F740E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","matchCriteriaId":"BF05E61D-0EC2-4755-8FCF-12E102A4D8FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","matchCriteriaId":"22ED8EDB-5549-4D29-90D2-FFE33D030912"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","matchCriteriaId":"A6AB7874-FE24-42AC-8E3A-822A70722126"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","matchCriteriaId":"61B69220-4155-4462-A133-CE7A54747B83"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","matchCriteriaId":"34B083B9-CC1B-43CD-9A16-C018F7FA2DDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","matchCriteriaId":"0D88CC33-7E32-4E82-8A94-70759E910510"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"FA109AEA-0015-4EAA-BD86-F070FEEA2DF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","matchCriteriaId":"F90EF82F-1CC6-44B4-AFF9-02DF4EE84F81"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*","matchCriteriaId":"FA91A4E9-CE1E-4CB8-B717-4B0E314C0171"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*","matchCriteriaId":"6B4D43CC-1B4E-4380-B4A2-487870EFC5B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*","matchCriteriaId":"DF7382E1-0678-40BC-8964-9D00F6C4C6F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*","matchCriteriaId":"28994519-3519-4E94-8D8B-7C4251A82B8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"776E06EC-2FDA-4664-AB43-9F6BE9B897CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:*","matchCriteriaId":"53981EA8-847F-4FBC-BA55-8EDF591E0FF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h34:*:*:*:*:*:*","matchCriteriaId":"8585BA8F-2AA0-4413-81A1-927FE523598C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"20A2E1F0-8303-483F-9199-9FE257B8A228"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","matchCriteriaId":"3AF4AB7F-F9B0-4DC4-BFC5-8FC60CE65A9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","matchCriteriaId":"CBE09375-A863-42FF-813F-C20679D7C45C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"0247BDD2-714F-4FFD-9433-FEC7747B30D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"1311961A-0EF6-488E-B0C2-EDBD508587C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","matchCriteriaId":"C779DF2B-D72A-4327-8AD8-3EA6751741F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","matchCriteriaId":"03C5ABF2-8C53-4376-8A64-6CB34E18E77C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"64F22CCE-6EAF-403B-B522-C11085410C65"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","matchCriteriaId":"FF7FCD8B-80DF-4004-A9D2-4EE884F089A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","matchCriteriaId":"15F5A583-A213-475E-8305-B8087DADCABF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","matchCriteriaId":"83C9637A-B615-4CC2-84AA-BDCFE611484C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","matchCriteriaId":"7EB3881C-B255-41AD-B61F-C14743824A3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*","matchCriteriaId":"224270A7-767D-433B-AD51-C031506747C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*","matchCriteriaId":"A532EFC6-A883-4279-8C05-9CD600B3F963"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*","matchCriteriaId":"F4F20C02-DF90-4609-9254-B765481C83E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"872BC747-512A-4872-AC86-E7F1DC589F47"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*","matchCriteriaId":"E5E36C87-E01D-49DC-AB73-10E5EE27F596"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*","matchCriteriaId":"39437442-B24D-492F-B637-2203492327FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"67F527D0-F85B-4B83-AEA5-BA636FC89210"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*","matchCriteriaId":"984BE1FB-ADB7-4831-AEDD-39DBAED078B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*","matchCriteriaId":"AF2C954D-9763-41E3-A132-F83C82E79BC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h36:*:*:*:*:*:*","matchCriteriaId":"A963ECCF-0B20-4395-A8B0-BFFCD62598C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"6CF8F985-7E51-49E6-857A-FAAF027F5611"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"B437DCEA-ABA3-41CA-B320-97EC430F1122"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"223673C1-9327-4C12-BF02-7447D2CAD16C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"593AFE7A-CB37-4156-A2B8-646A317F3176"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*","matchCriteriaId":"C2B871A6-0636-42A0-9573-6F693D7753AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*","matchCriteriaId":"F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:*","matchCriteriaId":"F3F8462A-71C0-4F81-9882-C73BC90697CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h15:*:*:*:*:*:*","matchCriteriaId":"85653992-4FBF-445C-881B-5F2494B597BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:*","matchCriteriaId":"C1B72E68-2D01-483F-BEC5-59C49E96B976"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:*","matchCriteriaId":"E49419C4-9AFE-4B7F-90EF-DB50EBB608D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*","matchCriteriaId":"60CE628F-C4CB-4342-8D71-DE61A089B612"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h21:*:*:*:*:*:*","matchCriteriaId":"7050FB97-DAA8-4A15-A253-23AADE921960"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*","matchCriteriaId":"2447D2B1-A145-4036-B9F2-17648B193465"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*","matchCriteriaId":"C24353AF-DC81-49B9-9132-9EEC8E6009BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:*","matchCriteriaId":"B4420489-AE0F-4A48-B2CE-C165BEBFA6A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:*","matchCriteriaId":"C45D8DF1-9483-4B24-AB94-B1FF4A5F2606"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:*","matchCriteriaId":"BC38A9CD-CDB6-423A-BE8D-2E0E45A3B239"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:*","matchCriteriaId":"41B48ECA-FD05-4EA2-B1C9-771624EAAFF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:*","matchCriteriaId":"4D65D1F0-323E-41AF-962E-1F9741748A76"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:*","matchCriteriaId":"D5D41E00-D517-4B81-A7FC-C8E101884807"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h7:*:*:*:*:*:*","matchCriteriaId":"4607BEE9-193E-43A7-944C-031E956DAB85"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:*:*:*:*:*:*:*","matchCriteriaId":"8A30968E-901A-49AE-94B0-C44A5257AADB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:*","matchCriteriaId":"745A3A2A-73CF-4DC2-968B-ACFC66389E11"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h5:*:*:*:*:*:*","matchCriteriaId":"3A1E533E-DE4A-4F2F-A71A-FFF56E757087"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h6:*:*:*:*:*:*","matchCriteriaId":"BED53F8F-F46B-4522-91C1-A9CABD6B0A76"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.4","matchCriteriaId":"459485B4-47FF-4A5F-9249-AE0445A0096A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.8","versionEndExcluding":"11.1.10","matchCriteriaId":"45D0EA32-45AE-4411-8E14-43B74715387C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.11","versionEndExcluding":"11.1.13","matchCriteriaId":"D9CE1AA7-46F4-4740-BF21-EE6732134D57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.14","versionEndExcluding":"11.1.16","matchCriteriaId":"7CE88EF0-36D2-44ED-AD30-7870BBAAC77F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","matchCriteriaId":"DF83EAA1-49E1-4AD0-A049-F1B3065950BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","matchCriteriaId":"BE3F7369-9F35-409A-9F47-45A959592DFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*","matchCriteriaId":"6650937C-D778-4B5D-AA28-E7DA96DDAB7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*","matchCriteriaId":"DB835E23-6984-413D-A870-8734E626D219"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*","matchCriteriaId":"FD247097-EEC7-48E7-9C14-3314900BD5F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*","matchCriteriaId":"FD701663-4C57-4115-BD59-9DFFB504E2AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*","matchCriteriaId":"82816C09-6A9D-4AB2-AA55-62CC714CCA82"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:*","matchCriteriaId":"A5A3CEBF-9F8A-47F9-A302-7C395F2A8146"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:*","matchCriteriaId":"A79B51D2-74E8-4BA3-AE33-829A9C1776E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"83A04AA3-4B6C-4B75-9797-74FA230FD299"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:*","matchCriteriaId":"E08297B1-95E9-4730-B59D-252B958C4199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:*","matchCriteriaId":"B56B153E-8693-4257-9E33-38904A949ED8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"AECB34F6-76F3-46E4-8F08-8570247AC281"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:*","matchCriteriaId":"A220ED95-5E1A-45AA-85BD-8A58CFC6C697"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h33:*:*:*:*:*:*","matchCriteriaId":"70C9CB1D-2512-48E7-B8B2-6F6A4A23E0A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","matchCriteriaId":"E9DB4DA9-2262-4E9E-B3A1-49D261D01295"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"552C1E17-E4A7-462C-97E4-AF14C00B89FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","matchCriteriaId":"1EB942A4-026C-494D-A1DD-96259354CB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","matchCriteriaId":"4852E738-990C-4DD2-8252-D4625D843A99"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","matchCriteriaId":"010E5816-BB0D-438B-A280-AF35B435DCFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*","matchCriteriaId":"CB2C59F8-2583-4510-90F8-500F8329AFFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","matchCriteriaId":"7C31ACD7-46AB-4092-89F3-7B4C9B642199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","matchCriteriaId":"52C50A07-F4D8-4F1F-BA61-3429BB1721BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*","matchCriteriaId":"9D12FF27-C186-467C-8627-1284EBC67243"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:*","matchCriteriaId":"AF4AA997-35BC-4BC1-9EF2-644503B2D806"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:*","matchCriteriaId":"12EF4DDF-9773-4B02-8FF4-F94A1D49E6AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:*","matchCriteriaId":"8FAE17BB-7938-41D0-8D62-46F829C647BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h18:*:*:*:*:*:*","matchCriteriaId":"2682D64E-79A4-4522-8742-7EF1637764AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:*","matchCriteriaId":"6DA5A0AD-C4FB-4210-8651-F94F2875A0EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*","matchCriteriaId":"45D633D7-A4B5-4D68-9BAB-D9BA25877F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:*","matchCriteriaId":"B79DB477-A907-4300-A651-16F93880B049"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:*","matchCriteriaId":"AF74D8FA-677F-484D-9338-A1761614FFD6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:*","matchCriteriaId":"F9FC5118-4056-4E22-A1F0-D6FFA2B88472"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:*","matchCriteriaId":"5E7A808F-F52F-4786-950C-591CCADB2EE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:*","matchCriteriaId":"0CA82012-AA59-44C1-BB9D-0B28764D507E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:*","matchCriteriaId":"27233F80-A620-42D3-927D-4FCDE6345456"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*","matchCriteriaId":"63729FA6-ED2A-4593-9436-232F282A0A78"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h32:*:*:*:*:*:*","matchCriteriaId":"33BF6023-0112-49BB-B378-6F4022B6A028"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h34:*:*:*:*:*:*","matchCriteriaId":"6F6C4DE2-32FC-42C4-87E6-FCAD39322740"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*","matchCriteriaId":"F39792EF-61B5-4874-9FD0-7544F8C5C0D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:*","matchCriteriaId":"4A06B6F4-DCAE-4115-93D4-25D0A37AAB9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:*","matchCriteriaId":"91529C45-FA55-4844-A153-682F729F440D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:-:*:*:*:*:*:*","matchCriteriaId":"64B56778-2698-493D-80AD-B4AE81F48124"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h1:*:*:*:*:*:*","matchCriteriaId":"0A9D3E2E-BA37-4F2A-BD43-97DD93E43D08"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h2:*:*:*:*:*:*","matchCriteriaId":"9DCE8F6C-541E-4C61-ABC8-4A618B0DD58D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h4:*:*:*:*:*:*","matchCriteriaId":"1E5EF79B-1A25-4AAB-AF2E-D151359E7FFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.7:h6:*:*:*:*:*:*","matchCriteriaId":"E84BA989-C826-4AC8-8152-58ED47437D1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:*","matchCriteriaId":"A92886DF-C989-47AD-8F68-8F468BBC6E57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:*","matchCriteriaId":"9893920B-A00E-4890-A897-EE1CF0751BA0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:*","matchCriteriaId":"D1289923-12D8-4FDD-B18B-C52516F14922"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:*","matchCriteriaId":"AFC923D7-672D-4556-8344-BBD285324067"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:*","matchCriteriaId":"E1510DE9-04A3-4E08-872D-C0F6041BCFCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h25:*:*:*:*:*:*","matchCriteriaId":"2FA04925-5B8A-439E-AECD-1BDFD83F69C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h26:*:*:*:*:*:*","matchCriteriaId":"424C66D4-97F6-408A-B3AE-FE1A90E3ACE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:*","matchCriteriaId":"31CD3B15-2CE0-404A-9542-9C39B8E71027"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:*","matchCriteriaId":"0194DA0B-041A-4810-8BFB-2308290517B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:*","matchCriteriaId":"69E64D86-034F-4BC7-9A4E-2703D834EBC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:*","matchCriteriaId":"B992628F-1114-4FC8-9364-800ACE997044"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:*","matchCriteriaId":"9223B0D4-6194-4684-8EF4-84A0EF511D8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:*","matchCriteriaId":"CB16C018-2B70-4F4D-9025-69FF82CD40F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:*","matchCriteriaId":"1259B519-130D-4584-86AA-E4EA1E89ACB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:*","matchCriteriaId":"0DCA6D54-E623-4985-B35F-AC98299828EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h5:*:*:*:*:*:*","matchCriteriaId":"8EF755C9-3BCE-4194-A74E-7D12F524929A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h6:*:*:*:*:*:*","matchCriteriaId":"7736DCE5-2943-4EF6-B9D3-B69CB59DB078"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.14:-:*:*:*:*:*:*","matchCriteriaId":"20A38461-BC7E-4D75-A168-FA493955A54C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.4","matchCriteriaId":"7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.5","versionEndExcluding":"11.2.7","matchCriteriaId":"A52983E4-71BF-46D7-8A4A-D199F7DCAA36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.8","versionEndExcluding":"11.2.10","matchCriteriaId":"85010E8F-E824-4C69-9B59-58DB01789ECB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","matchCriteriaId":"C01AD190-F3C2-4349-A063-8C5C78B725B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*","matchCriteriaId":"30F4CD1C-6862-4279-8D2D-40B4D164222F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:*","matchCriteriaId":"8137F3AF-BA32-41BC-AD2E-A668FFA33892"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:*","matchCriteriaId":"8C977AF0-D2B0-401A-A7C5-A1C71AC3C072"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:*","matchCriteriaId":"B9C0A53F-2AFE-4B0D-AEC1-464E6001E02F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:*","matchCriteriaId":"D720448D-F40B-4C92-9101-A48AC36C9CBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:*","matchCriteriaId":"5F12F7AC-D5B3-499E-87DA-27427D8BFFC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*","matchCriteriaId":"A52B7A7A-483A-4075-B1E9-5C14B66F7FC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*","matchCriteriaId":"6E46608E-682E-47B8-B810-8714571286C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:*","matchCriteriaId":"76949F0F-2ADC-492F-83F0-0A1B0E861F97"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:*","matchCriteriaId":"C1DD83BC-4E8E-4C1D-80C7-A6209B4E70CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:*","matchCriteriaId":"73888909-64C5-41BC-BAE0-BD9BDEEAF723"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:*","matchCriteriaId":"E7861D82-815D-4894-9E11-1B6B1E66CDEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:*","matchCriteriaId":"D269E33D-9A79-40CC-B79A-C9A398AB7AFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:*","matchCriteriaId":"9762E441-856F-466F-812C-798CA2EEF965"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*","matchCriteriaId":"0A25C9D9-BC83-49AE-BEE7-EF05F8336B01"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"A93C2B58-EC78-4C3D-89FF-35D9C489E39F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"A32E35C0-913E-4348-8AD4-E1F169C40C92"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"39112398-2A93-4E26-A7DF-0E3FA81C5130"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"C88442D1-599F-411D-B7A2-E17AA839F177"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"B3B538CC-6EA0-4555-B828-18A55997F454"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h14:*:*:*:*:*:*","matchCriteriaId":"A50BD9F2-F961-4ACE-9FDB-456E92692AE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h15:*:*:*:*:*:*","matchCriteriaId":"DF22EEA1-B00E-4A5F-87FB-60AD7A5A762B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"D12C3EB6-842E-4378-896C-FDBB2BC75D10"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"86B41903-FF08-454D-B626-184CB73B122E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"396DC378-7716-40F6-88A4-99299A16CAF1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"5E5C6E3A-262C-4212-B21C-00E8079AA8CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"4C855108-D3C9-4DE3-B9F4-9735A0A439AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:*","matchCriteriaId":"051673AB-50BF-4DD0-8679-F5825520241A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"BAC15D8A-83CA-413F-BA2B-17EC2B169F6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"70B3EB0C-87F1-46C2-B95C-C5808E473BD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"073BF631-451B-4DFC-B23C-F0F68C2450F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"13AA1BEF-F2F6-4534-89F3-DF4E79217978"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"CBFDE611-4981-4D92-ABAF-858DF132535F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"AAEA66F4-81AC-49C3-81B1-65EF5F16951A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"09187411-13D4-4F5C-AF42-0716F3C96129"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h8:*:*:*:*:*:*","matchCriteriaId":"019D37D8-94E4-4228-BCE3-A08E842AE1D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.11:-:*:*:*:*:*:*","matchCriteriaId":"CE68AC6C-61B6-4245-96AE-3D1F96D44721"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.2","versionEndExcluding":"12.1.4","matchCriteriaId":"43E1ADA0-0B71-4C1D-B53E-AA063BBCB827"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.5","versionEndExcluding":"12.1.7","matchCriteriaId":"D1EA4C4A-D7DC-4A63-B109-9C9328772E9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:*","matchCriteriaId":"8C1ADE94-3F05-48EE-94E0-FD6EB682705C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"F727C18E-1C8D-448A-954C-073294FBC65C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"7E492BE6-EB2E-4616-85EA-3B389741301B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"E5F85240-989D-4E2D-B2D0-F0F35E0590A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h6:*:*:*:*:*:*","matchCriteriaId":"3D64D659-40F8-4A02-8385-954BE50C22CE"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0273","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0274","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-10T22:16:55.187","lastModified":"2026-07-10T16:49:09.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cortex XSIAM CommvaultSecurityIQ Marketplace","defaultStatus":"unaffected","versions":[{"version":"1.1.0","lessThan":"1.2.0","versionType":"custom","status":"affected","changes":[{"at":"1.2.0","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cortex XSOAR CommvaultSecurityIQ Marketplace","defaultStatus":"unaffected","versions":[{"version":"1.1.0","lessThan":"1.2.0","versionType":"custom","status":"affected","changes":[{"at":"1.2.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T00:00:00+00:00","id":"CVE-2026-0274","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1390"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xsiam_commvaultsecurityiq_marketplace:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"DD151BA7-879B-4F39-BFAF-9046253FE182"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xsoar_commvaultsecurityiq_marketplace:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"2D8C3692-1612-455C-AF1F-6A697BF07622"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0274","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-11769","sourceIdentifier":"security@grafana.com","published":"2026-06-13T06:16:14.380","lastModified":"2026-07-10T16:16:23.677","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator.\n\n\n### Summary\n\nThe Grafana Operator supports loading dashboards & library panels using the jsonnet data templating language. The jsonnet expression is evaluated in the context of the operator manager pod.\n\n\n### Impact\n\nIt is possible for a malicious user who can create Dashboard or LibraryPanel resources for a Grafana instance to obtain the Kubernetes service account token of the Grafana Operator manager.\n\n### Affected versions\n\nAll Grafana Operator versions <= 5.23\n\n### Solutions and mitigations\n\nAll installations should be upgraded as soon as possible.\n\nAs a workaround, the following ValidatingAdmissionPolicy prevent the creation or modification of jsonnet based resources:\n\napiVersion: admissionregistration.k8s.io/v1\nkind: ValidatingAdmissionPolicy\nmetadata:\n  name: \"prevent-jsonnet-dashboards\"\nspec:\n  failurePolicy: Fail\n  matchConstraints:\n    resourceRules:\n      - apiGroups: [\"grafana.integreatly.org\"]\n        apiVersions: [\"v1beta1\"]\n        operations: [\"CREATE\", \"UPDATE\"]\n        resources: [\"grafanadashboards\", \"grafanalibrarypanels\"]\n  validations:\n    - expression: \"!has(object.spec.jsonnetLib)\"\n---\napiVersion: admissionregistration.k8s.io/v1\nkind: ValidatingAdmissionPolicyBinding\nmetadata:\n  name: \"prevent-jsonnet-dashboards-clusterwide\"\nspec:\n  policyName: \"prevent-jsonnet-dashboards\"\n  validationActions: [Deny]\n\n\n\n### Acknowledgement\n\nWe would like to thank Artem Cherezov for responsibly disclosing the vulnerability."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana Operator","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.23.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T17:24:16.248300Z","id":"CVE-2026-11769","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana_operator:*:*:*:*:*:*:*:*","versionEndExcluding":"5.24.0","matchCriteriaId":"A03C27FE-3E61-4442-9AC7-C9A7B0E30825"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-11769","source":"security@grafana.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10601","sourceIdentifier":"security@grafana.com","published":"2026-06-22T14:16:25.167","lastModified":"2026-07-10T16:16:22.733","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:44:03.006985Z","id":"CVE-2026-10601","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.0:-:*:*:-:*:*:*","matchCriteriaId":"1C499469-E087-433D-809A-92F454E0D917"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-10601","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-42129","sourceIdentifier":"security@grafana.com","published":"2026-06-22T14:17:36.340","lastModified":"2026-07-10T16:16:31.113","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:44:32.401117Z","id":"CVE-2026-42129","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:loki_datasource:-:*:*:*:*:*:*:*","matchCriteriaId":"AC9FBA76-8620-4AE4-85A3-AB43E19A6331"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-42129","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-9029","sourceIdentifier":"security@grafana.com","published":"2026-06-22T14:17:55.800","lastModified":"2026-07-10T16:16:39.617","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard (stored cross-site scripting)."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T03:55:45.644989Z","id":"CVE-2026-9029","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.0:*:*:*:-:*:*:*","matchCriteriaId":"BBF9171C-F062-4FA4-8513-2D540FA072C9"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-9029","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-42127","sourceIdentifier":"security@grafana.com","published":"2026-06-22T18:16:37.430","lastModified":"2026-07-10T16:16:30.967","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access token or authentication is required to exploit this vulnerability."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana Enterprise","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:28:16.184877Z","id":"CVE-2026-42127","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"11.6.14","matchCriteriaId":"BCCF12AE-CA32-42A8-9837-4EF45704D150"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.2.0","versionEndIncluding":"12.2.8","matchCriteriaId":"E60EEF4D-DD52-4DB1-9E58-59B7EE4D1D9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.3.0","versionEndIncluding":"12.3.6","matchCriteriaId":"F0AF4DB6-120E-44EE-BF4D-E41FCBE88A77"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.4.0","versionEndIncluding":"12.4.3","matchCriteriaId":"8F22EAA5-D510-4261-9A3F-6AC315378F23"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.0.0","versionEndIncluding":"13.0.1","matchCriteriaId":"16FCDFDF-CD01-4A1C-B6DB-9C4B116374FB"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-42127","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-57589","sourceIdentifier":"cve@mitre.org","published":"2026-06-25T01:16:26.537","lastModified":"2026-07-10T16:39:52.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget()."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenBSD","product":"OpenBSD","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-57589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*","versionEndIncluding":"7.9","matchCriteriaId":"2A4C65E8-9C59-4F6F-A5E1-74401542604D"}]}]}],"references":[{"url":"https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://openai.com/index/patch-the-planet/","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-24815","sourceIdentifier":"b48c3b8f-639e-4c16-8725-497bc411dad0","published":"2026-06-30T10:16:32.473","lastModified":"2026-07-10T17:07:58.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system."}],"affected":[{"source":"b48c3b8f-639e-4c16-8725-497bc411dad0","affectedData":[{"vendor":"Nokia","product":"MantaRay NM","versions":[{"version":"<25R2-NM","status":"affected"},{"version":"≥25R2-NM","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:28:43.371983Z","id":"CVE-2025-24815","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*","versionEndExcluding":"25R2-NM","matchCriteriaId":"8B6443BC-E253-42E1-83CD-E681CBE3F6BE"}]}]}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24815/","source":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-24816","sourceIdentifier":"b48c3b8f-639e-4c16-8725-497bc411dad0","published":"2026-06-30T10:16:33.617","lastModified":"2026-07-10T17:08:40.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges."}],"affected":[{"source":"b48c3b8f-639e-4c16-8725-497bc411dad0","affectedData":[{"vendor":"Nokia","product":"MantaRay NM","versions":[{"version":"<25R2-NM","status":"affected"},{"version":"≥25R2-NM","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:30:08.532062Z","id":"CVE-2025-24816","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*","versionEndExcluding":"25R2-NM","matchCriteriaId":"8B6443BC-E253-42E1-83CD-E681CBE3F6BE"}]}]}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24816/","source":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-7406","sourceIdentifier":"b48c3b8f-639e-4c16-8725-497bc411dad0","published":"2026-06-30T10:16:33.720","lastModified":"2026-07-10T17:17:29.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts."}],"affected":[{"source":"b48c3b8f-639e-4c16-8725-497bc411dad0","affectedData":[{"vendor":"Nokia","product":"MantaRay NM","versions":[{"version":"<NM 25R1-NM","status":"affected"},{"version":"≥NM 25R1-NM","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:31:19.958711Z","id":"CVE-2025-7406","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*","versionEndExcluding":"25R2-NM","matchCriteriaId":"8B6443BC-E253-42E1-83CD-E681CBE3F6BE"}]}]}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-7406/","source":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-38969","sourceIdentifier":"cve@mitre.org","published":"2026-07-02T21:16:56.050","lastModified":"2026-07-10T15:16:39.710","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that \"The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve production web applications that may be subject to hostile input. It is not a production web server and is not intended to receive traffic from untrusted sources. Request smuggling is only reachable when WEBrick sits behind a proxy and receives hostile traffic in a production deployment, which is the configuration the project documents as discouraged.\""}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T14:45:28.645063Z","id":"CVE-2026-38969","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://github.com/ruby/webrick/blob/master/README.md","source":"cve@mitre.org"},{"url":"https://github.com/ruby/webrick/issues/198","source":"cve@mitre.org"},{"url":"https://github.com/ruby/webrick/pull/199","source":"cve@mitre.org"},{"url":"https://github.com/ruby/webrick/issues/198","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-14534","sourceIdentifier":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","published":"2026-07-04T14:16:28.400","lastModified":"2026-07-10T15:10:15.827","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE with zero findings for pickle payloads that invoke dangerous functions including _posixsubprocess.fork_exec (C-level process spawner capable of executing arbitrary binaries), site.execsitecustomize (executes arbitrary site customization code), and atexit._run_exitfuncs (triggers all registered exit handler callbacks). The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate; a LIKELY_SAFE verdict causes the payload to be deserialized and executed. This shares the same root cause as CVE-2026-22607 (cProfile), CVE-2025-67748 (pty), and CVE-2025-67747 (marshal/types). OvertlyBadEvals does not flag these modules because they are standard library imports. UnsafeImports does not flag them because they are not in the denylist. The UnusedVariables heuristic is defeated by the SETITEMS opcode pattern."}],"affected":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","affectedData":[{"vendor":"trailofbits","product":"fickling","defaultStatus":"unaffected","collectionURL":"https://pypi.org/project/fickling/","packageName":"fickling","versions":[{"version":"0","lessThanOrEqual":"0.1.10","versionType":"custom","status":"affected"},{"version":"0.1.11","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T14:59:25.631510Z","id":"CVE-2026-14534","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","type":"Secondary","description":[{"lang":"en","value":"CWE-184"},{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trailofbits:fickling:*:*:*:*:*:python:*:*","versionEndIncluding":"0.1.10","matchCriteriaId":"7D2B4444-58DC-4227-BBD7-D68FB61FA761"}]}]}],"references":[{"url":"https://github.com/trailofbits/fickling/commit/e8408615b63adf034f891f653692ab9b51f0f5af","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Patch"]},{"url":"https://github.com/trailofbits/fickling/pull/272","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/trailofbits/fickling/releases/tag/v0.1.11","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Release Notes"]},{"url":"https://github.com/trailofbits/fickling/security/advisories/GHSA-m6fh-58r7-x697","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/trailofbits/fickling/security/advisories/GHSA-m6fh-58r7-x697","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58380","sourceIdentifier":"secalert@redhat.com","published":"2026-07-06T15:16:40.020","lastModified":"2026-07-10T17:26:18.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8/gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:41:04.583701Z","id":"CVE-2026-58380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"6F076B19-3582-4EC8-9625-D2E716652890"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-58380","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496135","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/83699817","source":"secalert@redhat.com","tags":["Broken Link"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/16206","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59089","sourceIdentifier":"secalert@redhat.com","published":"2026-07-06T20:16:38.433","lastModified":"2026-07-10T16:09:55.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:48:49.016983Z","id":"CVE-2026-59089","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.6:*:*:*:*:*:*:*","matchCriteriaId":"1120719E-8A10-4680-816A-7971F135460B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-59089","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496583","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58384","sourceIdentifier":"secalert@redhat.com","published":"2026-07-07T09:16:30.003","lastModified":"2026-07-10T15:21:56.313","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8/gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:30:05.659315Z","id":"CVE-2026-58384","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"6F076B19-3582-4EC8-9625-D2E716652890"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-58384","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2497431","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/da29e217","source":"secalert@redhat.com","tags":["Broken Link"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/16216","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59709","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T15:16:49.430","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove tags on victim holdings, corrupting portfolio categorization and reports."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Ghostfolio","product":"Ghostfolio","defaultStatus":"unaffected","packageURL":"pkg:npm/ghostfolio","versions":[{"version":"0","lessThanOrEqual":"3.6.0","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:49:02.251483Z","id":"CVE-2026-59709","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/ghostfolio/ghostfolio","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ghostfolio/ghostfolio/commit/697ef59e3b58bebc5c21a9e482e4f5643390f316","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ghostfolio/ghostfolio/issues/7196","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/ghostfolio-unauthorized-portfolio-holding-tag-modification-via-missing-permission-check","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ghostfolio/ghostfolio/issues/7196","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-57851","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T17:16:36.880","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privileges. Attackers can exploit the accessible device object through IOCTL handlers to manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Micro-Star International (MSI)","product":"KernCoreLib64.sys","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.0.2605.1301","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T17:00:44.711176Z","id":"CVE-2026-57851","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-782"}]}],"references":[{"url":"https://github.com/readmsr/MSI_FeatureManager_CVE","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/msi-gamegaraj-kerncorelib64-sys-privilege-escalation-via-ioctl-handlers","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59708","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T19:16:55.130","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings, quantities, buy prices, and performance metrics without authentication."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ghostfolio","product":"ghostfolio","defaultStatus":"unaffected","packageURL":"pkg:npm/ghostfolio","versions":[{"version":"0","lessThanOrEqual":"3.6.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:43:37.879668Z","id":"CVE-2026-59708","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/ghostfolio/ghostfolio","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ghostfolio/ghostfolio/commit/697ef59e3b58bebc5c21a9e482e4f5643390f316","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ghostfolio/ghostfolio/issues/7197","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/ghostfolio-unauthorized-portfolio-data-exposure-via-public-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59800","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T19:16:55.260","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint (this route is not covered by the dashboard middleware matcher, so no authorization check is applied). The sudoPassword field from the request body is written to the stdin of a 'sudo -S sh' child process. When sudo does not prompt for a password (the process runs as root, NOPASSWD is configured, or a recent sudo timestamp cache exists), the sudoPassword value is interpreted by sh as a shell command, allowing a remote unauthenticated attacker to execute arbitrary OS commands. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-07-04 (UTC)."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"decolua","product":"9router","defaultStatus":"unaffected","repo":"https://github.com/decolua/9router","packageURL":"pkg:npm/9router","versions":[{"version":"0","lessThan":"0.4.44","versionType":"semver","status":"affected"},{"version":"0.4.44","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T19:07:58.646180Z","id":"CVE-2026-59800","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/decolua/9router/security/advisories/GHSA-g6g7-pvmx-m74p","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/9router-os-command-injection-via-sudopassword-parameter-in-tailscale-install-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-g6g7-pvmx-m74p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53511","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:26.380","lastModified":"2026-07-10T18:59:59.160","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:user_metadata that is passed unsanitized to exec() in the template formatter. This issue is fixed in version 9.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"kovidgoyal","product":"calibre","versions":[{"version":"< 9.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-53511","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/kovidgoyal/calibre/commit/712f4e1ff5c1e798c335bef3bacc4efdee052e9c","source":"security-advisories@github.com"},{"url":"https://github.com/kovidgoyal/calibre/releases/tag/v9.10.0","source":"security-advisories@github.com"},{"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-2j4m-2q7x-2c47","source":"security-advisories@github.com"},{"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-2j4m-2q7x-2c47","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53935","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.000","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespace and bypassing namespace scoping enforced by serviceMatcher; deleting such a policy can also corrupt Cilium internal service state and stop service translation for the affected Service. This issue is fixed in versions 1.17.16, 1.18.10, and 1.19.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cilium","product":"cilium","versions":[{"version":"< 1.17.16","status":"affected"},{"version":">= 1.18.2, < 1.18.10","status":"affected"},{"version":">= 1.19.0, < 1.19.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.7,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:17:50.409065Z","id":"CVE-2026-53935","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/cilium/cilium/commit/81d446395673dc2c684c047c12715caffac1a351","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/commit/92ca32eda85aa0c7611c28221cc26fa08be17ebc","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/commit/fe7eb53c7aac9fa7ec610b1975d73fbbb198c66d","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/pull/45412","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/pull/45584","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/pull/45585","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/security/advisories/GHSA-q6h5-q3q6-f87x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55417","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.160","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route (`/username`) correctly returns 404. However, the `/json` AJAX listing endpoint does not apply the same check. An unauthenticated caller who knows the target's user ID can retrieve all of that user's publicly-scoped images, revealing the username (which should be private). This is patched in Chevereto v4.5.4. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"chevereto","product":"chevereto","versions":[{"version":">= 3.7.5, < 4.5.4","status":"affected"}]},{"vendor":"chevereto","product":"chevereto/chevereto","versions":[{"version":">= 4.0.5, < 4.5.4","status":"affected"}]},{"vendor":"chevereto","product":"rodber/chevereto-free","versions":[{"version":">= 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:11:14.626911Z","id":"CVE-2026-55417","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://chevereto.com/community/threads/chevereto-v4-5-4-announcement.16398/post-80153","source":"security-advisories@github.com"},{"url":"https://github.com/chevereto/chevereto/security/advisories/GHSA-h4jp-mxfx-g8xp","source":"security-advisories@github.com"},{"url":"https://github.com/chevereto/chevereto/security/advisories/GHSA-h4jp-mxfx-g8xp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59707","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T21:17:29.340","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper validation, enabling attackers to force the server to issue HTTP GET requests to private and loopback ranges with partial response content leaked through error messages."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"LocalAI","product":"LocalAI","defaultStatus":"unaffected","packageURL":"pkg:golang/github.com/mudler/LocalAI","versions":[{"version":"0","lessThanOrEqual":"v4.3.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:47:31.794452Z","id":"CVE-2026-59707","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/mudler/LocalAI","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mudler/LocalAI/commit/f9b968e19d7cbc556d59dceb2e0e450b828a3fda","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mudler/LocalAI/issues/10665","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/localai-server-side-request-forgery-via-post-models-apply","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mudler/LocalAI/issues/10665","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-28378","sourceIdentifier":"security@grafana.com","published":"2026-07-07T22:16:50.607","lastModified":"2026-07-10T16:05:56.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana Enterprise","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.13","versionType":"semver","status":"affected"},{"version":"12.1.0","lessThanOrEqual":"12.1.9","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.7","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.5","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.1","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.13","versionType":"semver","status":"affected"},{"version":"12.1.0","lessThanOrEqual":"12.1.9","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.7","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.5","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:50:28.034051Z","id":"CVE-2026-28378","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"11.6.0","versionEndIncluding":"11.6.13","matchCriteriaId":"9D59F356-7EE6-4323-B32B-6AA9895E4DF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"11.6.0","versionEndIncluding":"11.6.13","matchCriteriaId":"819B8356-78D3-481E-90E0-E06904E3597F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.9","matchCriteriaId":"BBDE0CB0-B614-4E8C-BCCE-1F355A2FE0E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.9","matchCriteriaId":"10C4CCFE-8186-4F2F-91E3-A7B678FC8B66"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.2.0","versionEndIncluding":"12.2.7","matchCriteriaId":"4A56F8B6-4BFF-4DBB-B645-2FF0BEDCA1FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.2.0","versionEndIncluding":"12.2.7","matchCriteriaId":"C8C2D5FB-AC31-4886-B455-009659BE58DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.3.0","versionEndIncluding":"12.3.5","matchCriteriaId":"CC445C84-CC5B-4723-86A6-88E966EBCDAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.3.0","versionEndIncluding":"12.3.5","matchCriteriaId":"CC523DB0-CC71-43F3-A842-5582CD1B3D90"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.0:*:*:*:-:*:*:*","matchCriteriaId":"BBF9171C-F062-4FA4-8513-2D540FA072C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"34DE1833-C0AD-48FD-AD0A-E58121F62683"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-28378","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-54698","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.500","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field (returning SETOF some_table) to infer row values that ought to be filtered for their role based on some_table's row-level permissions. While such rows cannot be returned directly, like predicates on strings for instance allow values to be brute forced efficiently with the where clause as an oracle. This issue is fixed in versions 2.49.2 and 2.45.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hasura","product":"graphql-engine","versions":[{"version":">= 2.46.0, < 2.49.2","status":"affected"},{"version":">= 2.45.0, < 2.45.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:01:48.684963Z","id":"CVE-2026-54698","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/hasura/graphql-engine/security/advisories/GHSA-r27x-gc74-qmxh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55490","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:54.060","lastModified":"2026-07-10T17:37:00.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows before a bounds check and is then passed to memcpy as a very large size. This issue is fixed v25.12.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openwrt","product":"openwrt","versions":[{"version":"< 25.12.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:51:49.570163Z","id":"CVE-2026-55490","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*","versionEndExcluding":"25.12.5","matchCriteriaId":"93C72B3E-525F-44C1-833C-88A85A6BB586"}]}]}],"references":[{"url":"https://github.com/openwrt/openwrt/commit/63c0767f3d02f7b10b0f0b5293366bd059a08ca5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openwrt/openwrt/releases/tag/v25.12.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/openwrt/openwrt/security/advisories/GHSA-9558-77jp-g3fw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-37270","sourceIdentifier":"cve@mitre.org","published":"2026-07-07T23:16:54.657","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:37:25.807560Z","id":"CVE-2026-37270","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/EmbdCDACHyd/CVE/blob/main/CVE-2026-37270/CVE-2026-37270.pdf","source":"cve@mitre.org"},{"url":"https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2026-37270","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-37271","sourceIdentifier":"cve@mitre.org","published":"2026-07-07T23:16:54.773","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearby device to trigger functionality on the smartwatch."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:02:39.429702Z","id":"CVE-2026-37271","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/EmbdCDACHyd/CVE/blob/main/CVE-2026-37271/CVE-2026-37271.pdf","source":"cve@mitre.org"},{"url":"https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2026-37271","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-50810","sourceIdentifier":"cve@mitre.org","published":"2026-07-07T23:16:54.887","lastModified":"2026-07-10T18:50:20.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:32:19.412137Z","id":"CVE-2026-50810","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://gist.github.com/junius-sec/0c67bf67a268ff8861100bfc132e801c","source":"cve@mitre.org"},{"url":"https://github.com/gpac/gpac/commit/b35c61f104b85fbb16520ac2838d5d2ef70845b5","source":"cve@mitre.org"},{"url":"https://github.com/gpac/gpac/issues/3507","source":"cve@mitre.org"},{"url":"https://github.com/gpac/gpac/issues/3507","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59704","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T23:16:55.850","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap","product":"Cap","defaultStatus":"unaffected","packageURL":"pkg:npm/cap","versions":[{"version":"0","lessThanOrEqual":"8d48642","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:02:07.868302Z","id":"CVE-2026-59704","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/CapSoftware/Cap","source":"disclosure@vulncheck.com"},{"url":"https://github.com/CapSoftware/Cap/commit/8d48642b6e7938af238386383ef1c273be4110dd","source":"disclosure@vulncheck.com"},{"url":"https://github.com/CapSoftware/Cap/issues/1981","source":"disclosure@vulncheck.com"},{"url":"https://github.com/CapSoftware/Cap/pull/1926","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-missing-access-control-in-video-ai-metadata-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/CapSoftware/Cap/issues/1981","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56843","sourceIdentifier":"support@hackerone.com","published":"2026-07-08T01:16:28.277","lastModified":"2026-07-10T18:57:22.440","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This results in cross-tenant disclosure of other tenants' FTP credentials stored in cleartext, which can be leveraged to execute code as another tenant's system user."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Webpros","product":"Plesk","defaultStatus":"unaffected","versions":[{"version":"10.4","lessThan":"18.0.78.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:04:03.813528Z","id":"CVE-2026-56843","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://support.plesk.com/hc/en-us/articles/41178305151255-Vulnerability-in-Plesk-XML-API-Cleartext-FTP-Password-Exposure","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-14454","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-08T13:16:30.053","lastModified":"2026-07-10T15:31:22.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.\n\nImager mishandled large EXIF IFD entry count values, treating them as negative numbers.  This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.\n\nAn attacker could craft an image with EXIF data that terminates a worker process."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"TONYC","product":"Imager","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Imager","programFiles":["imexif.c"],"programRoutines":[{"name":"tiff_load_ifd"}],"repo":"https://github.com/tonycoz/imager","versions":[{"version":"0","lessThan":"1.033","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:50:57.514385Z","id":"CVE-2026-14454","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-196"},{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tonycoz:imager:*:*:*:*:*:perl:*:*","versionEndExcluding":"1.033","matchCriteriaId":"7A93C7AC-6CF1-4A7F-A3CC-F4EA72208710"}]}]}],"references":[{"url":"https://github.com/tonycoz/imager/commit/06f01a5d0fd591259aeba589370d6888384a6b6d.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://metacpan.org/release/TONYC/Imager-1.033/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-15053","sourceIdentifier":"3938794e-25f5-4123-a1ba-5cbd7f104512","published":"2026-07-08T14:16:56.930","lastModified":"2026-07-10T19:00:47.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Tanium addressed a denial of service vulnerability in Tanium Server."}],"affected":[{"source":"3938794e-25f5-4123-a1ba-5cbd7f104512","affectedData":[{"vendor":"Tanium","product":"Tanium Server","versions":[{"version":"7.7.3.8298","lessThan":"7.7.3.8298","versionType":"custom","status":"affected"},{"version":"7.8.2.1198","lessThan":"7.8.2.1198","versionType":"custom","status":"affected"},{"version":"7.8.4.1327","lessThan":"7.8.4.1327","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"3938794e-25f5-4123-a1ba-5cbd7f104512","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:27:30.302303Z","id":"CVE-2026-15053","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3938794e-25f5-4123-a1ba-5cbd7f104512","type":"Secondary","description":[{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tanium:server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.3.0","versionEndExcluding":"7.7.3.8298","matchCriteriaId":"1705F1B3-865D-48ED-97DD-0CB058884D42"},{"vulnerable":true,"criteria":"cpe:2.3:a:tanium:server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.8.2.0","versionEndExcluding":"7.8.2.1198","matchCriteriaId":"67604599-4DCB-45C7-BBC7-A0E28B689D23"},{"vulnerable":true,"criteria":"cpe:2.3:a:tanium:server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.8.4.0","versionEndExcluding":"7.8.4.1327","matchCriteriaId":"70EA5691-3695-4F52-BFB6-EC6D99E62325"}]}]}],"references":[{"url":"https://security.tanium.com/TAN-2026-016","source":"3938794e-25f5-4123-a1ba-5cbd7f104512","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-22927","sourceIdentifier":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","published":"2026-07-08T14:16:57.060","lastModified":"2026-07-10T15:27:32.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Omnissa Workspace ONE® Tunnel for Windows addresses a   Local Privilege Escalation Vulnerability."}],"affected":[{"source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","affectedData":[{"vendor":"Omnissa","product":"Omnissa Workspace ONE® Tunnel for Windows","defaultStatus":"unaffected","versions":[{"version":"Omnissa Workspace ONE® Tunnel for Windows prior to 26.03","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-22927","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:omnissa:workspace_one_tunnel:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03","matchCriteriaId":"2A20A5AE-BB42-4361-BB36-B4016C16827F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.omnissa.com/omnissa-security-response/","source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","tags":["Vendor Advisory"]},{"url":"https://www.omnissa.com/omsa-2026-0002","source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56362","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:16.887","lastModified":"2026-07-10T18:27:38.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-15","versionType":"semver","status":"affected"},{"version":"7.1.2-15","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-40","versionType":"semver","status":"affected"},{"version":"6.9.13-40","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":0.7,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:41:35.114834Z","id":"CVE-2026-56362","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-40","matchCriteriaId":"C6F44A65-1733-4752-AAD0-BCCC7BDBC877"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-15","matchCriteriaId":"6AFFD439-1068-4B6F-AE01-724AC62CDCEA"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-read-in-getpixelindex-via-openpixelcache-metadata-desynchronization","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-60092","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:22.370","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AVideo (Meet plugin) through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored (meet_join_log.user_agent) without sanitization (bypassing AVideo's setter-level xss_esc() layer) and later echoed without output encoding (no htmlspecialchars()) in the Participants management panel, which is accessible to the meeting host and site administrators. An anonymous, unauthenticated attacker can join any public meeting while supplying a User-Agent header containing an HTML/JavaScript payload; the payload is persisted and executes in the privileged, authenticated browser session of the meeting host or a site administrator when they open the participant list. The issue was unpatched at the time of the report."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"AVideo","product":"AVideo","defaultStatus":"affected"}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:17:44.201788Z","id":"CVE-2026-60092","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/commit/e8d6119f3cb1b849149906efeb0a41fc024f59f8","source":"disclosure@vulncheck.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-7cqp-7cfv-6c3q","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/avideo-stored-cross-site-scripting-via-unescaped-user-agent-in-participants-panel","source":"disclosure@vulncheck.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-7cqp-7cfv-6c3q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-24697","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T15:16:26.697","lastModified":"2026-07-10T17:54:30.890","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability exists in the start_bonjour() function of the \"rc\" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:47:13.498961Z","id":"CVE-2026-24697","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"0E8376ED-8273-4296-A90F-AA16156B8104"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130:-:*:*:*:*:*:*:*","matchCriteriaId":"D5D233CF-2504-4E69-9AD0-D3B631C8FC11"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130w_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"FF66A7CE-469A-48CD-AE85-2F49E1C505FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*","matchCriteriaId":"C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B1A70E10-227E-44E2-8558-58B37CCF63D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"FF28AEEA-34F1-40F1-ACDC-25FDD56EA282"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*","matchCriteriaId":"20E8ECAC-E842-41DB-9612-9374A9648DC2"}]}]}],"references":[{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/2/wp-en.md","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/2/wp-en.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24698","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T15:16:26.827","lastModified":"2026-07-10T17:51:09.083","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability exists in the save_syslog_to_file() function of the \"httpd\" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The model_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:41:31.584405Z","id":"CVE-2026-24698","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"0E8376ED-8273-4296-A90F-AA16156B8104"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130:-:*:*:*:*:*:*:*","matchCriteriaId":"D5D233CF-2504-4E69-9AD0-D3B631C8FC11"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130w_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"FF66A7CE-469A-48CD-AE85-2F49E1C505FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*","matchCriteriaId":"C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B1A70E10-227E-44E2-8558-58B37CCF63D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"FF28AEEA-34F1-40F1-ACDC-25FDD56EA282"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*","matchCriteriaId":"20E8ECAC-E842-41DB-9612-9374A9648DC2"}]}]}],"references":[{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/3/wp-en.md","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/3/wp-en.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24699","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T15:16:26.943","lastModified":"2026-07-10T17:50:43.990","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability exists in the sub_34984() function of the \"rc\" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:45:19.551170Z","id":"CVE-2026-24699","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"0E8376ED-8273-4296-A90F-AA16156B8104"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130:-:*:*:*:*:*:*:*","matchCriteriaId":"D5D233CF-2504-4E69-9AD0-D3B631C8FC11"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130w_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"FF66A7CE-469A-48CD-AE85-2F49E1C505FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*","matchCriteriaId":"C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B1A70E10-227E-44E2-8558-58B37CCF63D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"FF28AEEA-34F1-40F1-ACDC-25FDD56EA282"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*","matchCriteriaId":"20E8ECAC-E842-41DB-9612-9374A9648DC2"}]}]}],"references":[{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/4/wp-en.md","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/4/wp-en.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24700","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T15:16:27.047","lastModified":"2026-07-10T17:49:52.123","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability exists in the start_lltd() function of the \"rc\" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:49:06.635827Z","id":"CVE-2026-24700","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"0E8376ED-8273-4296-A90F-AA16156B8104"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130:-:*:*:*:*:*:*:*","matchCriteriaId":"D5D233CF-2504-4E69-9AD0-D3B631C8FC11"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130w_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"FF66A7CE-469A-48CD-AE85-2F49E1C505FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*","matchCriteriaId":"C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B1A70E10-227E-44E2-8558-58B37CCF63D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"FF28AEEA-34F1-40F1-ACDC-25FDD56EA282"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*","matchCriteriaId":"20E8ECAC-E842-41DB-9612-9374A9648DC2"}]}]}],"references":[{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/1/wp-en.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/1/wp-en.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-59703","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T15:16:32.173","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file:// scheme URLs that bypass validation and are passed directly to git clone, enabling unauthorized access to all tracked file contents on the server filesystem."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"repomix","product":"repomix","defaultStatus":"affected","packageURL":"pkg:npm/repomix","versions":[{"version":"0","lessThan":"1.14.1","versionType":"custom","status":"affected"},{"version":"0","lessThanOrEqual":"c748b52","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:51:45.464506Z","id":"CVE-2026-59703","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-552"}]}],"references":[{"url":"https://github.com/CrazyForks/repomix/commit/c748b524f41225e7fc6f89ad0084520901a453cf","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix/issues/1704","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/repomix-local-file-inclusion-via-file-url-scheme-in-git-clone-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix/issues/1704","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-3144","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-08T16:16:28.463","lastModified":"2026-07-10T17:01:12.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"API Connect","defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*"],"versions":[{"version":"12.1.0.0","lessThan":"12.1.0.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-3144","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1392"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0.0","versionEndExcluding":"12.1.1.0","matchCriteriaId":"C2FCDDB6-E3A4-4E7A-9B59-5C1DD585D384"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278909","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55761","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:31.020","lastModified":"2026-07-10T17:48:26.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization endpoints (/api/restore and /api/users/admin/init) remain accessible during the five-minute setup window for uninitialized instances, allowing a network attacker to restore a crafted backup or create the first administrator account and gain full administrative access. This issue is fixed in versions 2.39.4 and 2.43.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"portainer","product":"portainer","versions":[{"version":">= 2.39.0, < 2.39.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:51:27.827566Z","id":"CVE-2026-55761","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:portainer:portainer:*:*:*:*:community:*:*:*","versionStartIncluding":"2.39.0","versionEndExcluding":"2.39.4","matchCriteriaId":"60BA3C37-7C24-47CA-9CBF-B6E3A45583A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:portainer:portainer:*:*:*:*:community:*:*:*","versionStartIncluding":"2.40.0","versionEndExcluding":"2.43.0","matchCriteriaId":"749C4535-79C1-4C3B-99C2-8FC556ED01A6"}]}]}],"references":[{"url":"https://github.com/portainer/portainer/commit/49f19107cf9a3540cbe406c9eb7f24390e1af02b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/portainer/portainer/commit/d2b56efcb4e43c4168bb6688eee9f6bf22867312","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/portainer/portainer/issues/2770","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/portainer/portainer/releases/tag/2.39.4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/portainer/portainer/releases/tag/2.43.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/portainer/portainer/security/advisories/GHSA-x626-fcwx-f5pc","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57439","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:31.280","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts __proto__ as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript into HTML output. This issue is fixed in version 11.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gchq","product":"CyberChef","versions":[{"version":"< 11.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:12:11.872931Z","id":"CVE-2026-57439","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/gchq/CyberChef/commit/85db3be5d0096859b810f0e8d3e151d5dc9b948f","source":"security-advisories@github.com"},{"url":"https://github.com/gchq/CyberChef/issues/2568","source":"security-advisories@github.com"},{"url":"https://github.com/gchq/CyberChef/pull/2569","source":"security-advisories@github.com"},{"url":"https://github.com/gchq/CyberChef/releases/tag/v11.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/gchq/CyberChef/security/advisories/GHSA-fx6f-382r-j72c","source":"security-advisories@github.com"},{"url":"https://github.com/gchq/CyberChef/security/advisories/GHSA-fx6f-382r-j72c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59262","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T16:16:31.430","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails, and timestamps of private pages they lack access to."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"affine","product":"monorepo","defaultStatus":"affected","packageURL":"pkg:npm/affine/monorepo","versions":[{"version":"0","lessThan":"0.26.3","versionType":"custom","status":"affected"},{"version":"0","lessThanOrEqual":"1f0bcd0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:43:26.413343Z","id":"CVE-2026-59262","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/toeverything/AFFiNE","source":"disclosure@vulncheck.com"},{"url":"https://github.com/toeverything/AFFiNE/commit/1f0bcd01a37a522393fc1b288395e3a72a79ccad","source":"disclosure@vulncheck.com"},{"url":"https://github.com/toeverything/AFFiNE/issues/15179","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/affine-unauthorized-document-edit-history-access-via-graphql-histories-field","source":"disclosure@vulncheck.com"},{"url":"https://github.com/toeverything/AFFiNE/issues/15179","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59702","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T16:16:31.577","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers to access private network addresses, GCP metadata services, or local filesystem paths."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"repomix","product":"repomix","defaultStatus":"affected","packageURL":"pkg:npm/repomix","versions":[{"version":"0","lessThan":"1.14.1","versionType":"custom","status":"affected"},{"version":"0","lessThanOrEqual":"c748b52","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:18:46.452885Z","id":"CVE-2026-59702","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/CrazyForks/repomix/commit/c748b524f41225e7fc6f89ad0084520901a453cf","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix/issues/1703","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/repomix-server-side-request-forgery-via-unvalidated-repository-urls-in-post-api-pack","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix/issues/1703","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59724","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:32.980","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as __proto__ through an inherited property of the clients object during WebTransport upgrade handling, causing a TypeError and denial of service. This issue is fixed in version 6.6.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"socketio","product":"socket.io","versions":[{"version":">= 6.5.0, < 6.6.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:58:43.578991Z","id":"CVE-2026-59724","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/socketio/socket.io/commit/1fa1f46cd420ac5b57bb4c04c959b58f3c79158c","source":"security-advisories@github.com"},{"url":"https://github.com/socketio/socket.io/releases/tag/engine.io@6.6.7","source":"security-advisories@github.com"},{"url":"https://github.com/socketio/socket.io/security/advisories/GHSA-gr94-w7qr-f4j3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59725","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:33.133","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated attacker to exhaust server-side connections and sockets. This issue is fixed in version 6.6.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"socketio","product":"socket.io","versions":[{"version":">= 4.1.0, < 6.6.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:50:45.800976Z","id":"CVE-2026-59725","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]}],"references":[{"url":"https://github.com/socketio/socket.io/commit/fc11285e14964c2132d122164bf130c355f60671","source":"security-advisories@github.com"},{"url":"https://github.com/socketio/socket.io/releases/tag/engine.io@6.6.7","source":"security-advisories@github.com"},{"url":"https://github.com/socketio/socket.io/security/advisories/GHSA-r635-g3xr-vw7x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59868","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:33.270","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in version 5.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nodeca","product":"js-yaml","versions":[{"version":">= 5.0.0, < 5.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:41:56.104624Z","id":"CVE-2026-59868","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"references":[{"url":"https://github.com/nodeca/js-yaml/commit/3105455b81dee69e0fd36e09ac0b2ccfdb54adc1","source":"security-advisories@github.com"},{"url":"https://github.com/nodeca/js-yaml/releases/tag/5.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/nodeca/js-yaml/security/advisories/GHSA-g796-fgmg-93mv","source":"security-advisories@github.com"},{"url":"https://github.com/nodeca/js-yaml/security/advisories/GHSA-g796-fgmg-93mv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59869","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:33.423","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in versions 3.15.0 and 4.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nodeca","product":"js-yaml","versions":[{"version":">= 3.0.0, < 3.15.0","status":"affected"},{"version":">= 4.0.0, < 4.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T15:14:16.302841Z","id":"CVE-2026-59869","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"references":[{"url":"https://github.com/nodeca/js-yaml/commit/24f13e79ee1343a7e30bd6f6c9d9cdbf0ac9b2b7","source":"security-advisories@github.com"},{"url":"https://github.com/nodeca/js-yaml/commit/59423c6f8cdc78742ac00e25a4dd39ef16b702e4","source":"security-advisories@github.com"},{"url":"https://github.com/nodeca/js-yaml/releases/tag/3.15.0","source":"security-advisories@github.com"},{"url":"https://github.com/nodeca/js-yaml/releases/tag/4.3.0","source":"security-advisories@github.com"},{"url":"https://github.com/nodeca/js-yaml/security/advisories/GHSA-52cp-r559-cp3m","source":"security-advisories@github.com"},{"url":"https://github.com/nodeca/js-yaml/security/advisories/GHSA-52cp-r559-cp3m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59873","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:33.867","lastModified":"2026-07-10T18:57:17.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk space and CPU. This issue is fixed in version 7.5.19."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"isaacs","product":"node-tar","versions":[{"version":"< 7.5.19","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T18:00:24.478882Z","id":"CVE-2026-59873","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isaacs:tar:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.5.19","matchCriteriaId":"DA3EF151-312C-4884-84B8-FFA6F32FBD27"}]}]}],"references":[{"url":"https://github.com/isaacs/node-tar/commit/2812e9338665659b183aa7226518c307044957d3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/isaacs/node-tar/releases/tag/v7.5.19","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-23hp-3jrh-7fpw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-23hp-3jrh-7fpw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59874","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:33.990","lastModified":"2026-07-10T18:54:12.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"isaacs","product":"node-tar","versions":[{"version":"< 7.5.18","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:51:08.126808Z","id":"CVE-2026-59874","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isaacs:tar:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.5.18","matchCriteriaId":"C627D7A4-A113-4F0A-8C9E-76EB0B888958"}]}]}],"references":[{"url":"https://github.com/isaacs/node-tar/commit/9e78bf058b2c22dd4d52e00d8922d5c06fc2f7b5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/isaacs/node-tar/releases/tag/v7.5.18","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-8x88-c5mf-7j5w","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-8x88-c5mf-7j5w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59877","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:34.363","lastModified":"2026-07-10T18:53:14.377","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends prematurely can cause parse, Root.load, or Root.loadSync to loop indefinitely. This issue is fixed in versions 7.6.5 and 8.6.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"protobufjs","product":"protobuf.js","versions":[{"version":">= 7.5.0, < 7.6.5","status":"affected"},{"version":">= 8.0.0, < 8.6.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:48:58.903197Z","id":"CVE-2026-59877","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.6.5","matchCriteriaId":"CE56DEAB-0C12-4D27-B6A9-9594122EB93F"},{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.6.6","matchCriteriaId":"0859CC9A-187E-4D68-9D7B-B5F1E4AC3A9F"}]}]}],"references":[{"url":"https://github.com/protobufjs/protobuf.js/commit/10fba6d54815ceecca8a06b9a6db490c8f5d2217","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/protobufjs/protobuf.js/commit/fa5c73add738ceb471e74da8cc2f3727c3d0a69f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/protobufjs/protobuf.js/pull/2352","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.6.5","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.6.6","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-j3f2-48v5-ccww","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59880","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:34.517","lastModified":"2026-07-10T18:49:51.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such as through Immutable.Map(obj), Immutable.fromJS(obj), state.merge(userObject), or mergeDeep, to craft many colliding keys and degrade insertion and lookup to consume disproportionate CPU. This issue is fixed in versions 4.3.9 and 5.1.8."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"immutable-js","product":"immutable-js","versions":[{"version":"< 4.3.9","status":"affected"},{"version":">= 5.0.0-beta.1, < 5.1.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:13:29.483011Z","id":"CVE-2026-59880","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:immutable-js:immutable:*:*:*:*:*:node.js:*:*","versionEndExcluding":"4.3.9","matchCriteriaId":"00ECE08B-71E4-413F-A0DF-A832BC22BEC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:immutable-js:immutable:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.1.8","matchCriteriaId":"180BFC9A-F7CD-4B20-BD0D-325018D87A22"}]}]}],"references":[{"url":"https://github.com/immutable-js/immutable-js/commit/3dd7e5655012597a41873e328bf9142a8901527b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/immutable-js/immutable-js/commit/e51d49fc612ded5ec4dfb94ff294d22074269b0f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/immutable-js/immutable-js/releases/tag/v4.3.9","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/immutable-js/immutable-js/releases/tag/v5.1.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/immutable-js/immutable-js/security/advisories/GHSA-xvcm-6775-5m9r","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/immutable-js/immutable-js/security/advisories/GHSA-xvcm-6775-5m9r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9074","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-08T16:16:35.050","lastModified":"2026-07-10T16:59:16.577","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"API Connect","defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:10.0.8.9:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*"],"versions":[{"version":"10.0.8.0","lessThan":"10.0.8.9","versionType":"semver","status":"affected"},{"version":"12.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-9074","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.8.0","versionEndExcluding":"10.0.8.10","matchCriteriaId":"5F7752F5-8A00-4C79-9B5B-B674AD2F1E25"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0.0","versionEndExcluding":"12.1.1.0","matchCriteriaId":"C2FCDDB6-E3A4-4E7A-9B59-5C1DD585D384"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278218","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7278909","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-3110","sourceIdentifier":"security@openvpn.net","published":"2026-07-08T17:17:19.650","lastModified":"2026-07-10T17:00:29.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy"}],"affected":[{"source":"security@openvpn.net","affectedData":[{"vendor":"OpenVPN","product":"Access Server","defaultStatus":"unaffected","versions":[{"version":"2.7.2","lessThanOrEqual":"3.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@openvpn.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:29:40.241425Z","id":"CVE-2025-3110","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@openvpn.net","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.2","versionEndIncluding":"3.1.0","matchCriteriaId":"1E78FCC3-BC92-47D0-83BB-309B2F778217"}]}]}],"references":[{"url":"https://openvpn.net/as-docs/as-3-2-release-notes.html","source":"security@openvpn.net","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-29007","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T17:17:20.907","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attackers can send a packet with an IP total length of 40 bytes and a TCP data offset claiming 60 bytes of header to cause tcp_parse_options() to read 40 bytes past the end of the TCP segment, potentially corrupting connection state variables such as rmt_win_scale and rmt_timestamp to disrupt TCP window calculations."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"u-boot","product":"u-boot","defaultStatus":"affected","repo":"https://github.com/u-boot/u-boot","versions":[{"version":"0","lessThanOrEqual":"2026.04-rc3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T19:43:17.211226Z","id":"CVE-2026-29007","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://lists.denx.de/pipermail/u-boot/2026-May/617853.html","source":"disclosure@vulncheck.com"},{"url":"https://u-boot.org/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/u-boot-rc3-out-of-bounds-read-in-tcp-rx-state-machine-via-tcp-c","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-29008","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T17:17:21.047","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payload_len to become negative. When the TCP_SYN_SENT handler calls tcp_rx_user_data() without invoking tcp_seg_in_wnd() validation, the negative payload_len is implicitly converted to a large unsigned integer (e.g., 0xFFFFFFD8) and passed to memcpy() in store_block(), causing an immediate crash that prevents device boot and may enable memory corruption when CONFIG_LMB is disabled."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"u-boot","product":"u-boot","defaultStatus":"affected","repo":"https://github.com/u-boot/u-boot","versions":[{"version":"0","lessThanOrEqual":"2026.04-rc3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:55:52.553728Z","id":"CVE-2026-29008","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"references":[{"url":"https://lists.denx.de/pipermail/u-boot/2026-May/617853.html","source":"disclosure@vulncheck.com"},{"url":"https://u-boot.org/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/u-boot-rc3-integer-underflow-dos-via-tcp-rx-state-machine","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-29009","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T17:17:21.173","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net/nfs-common.c) when CONFIG_CMD_NFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfs_path_buff buffer by returning multiple relative symlink targets that are appended without cumulative length validation. Attackers can send two or more READLINK responses containing relative symlink targets of approximately 1100 bytes each to corrupt adjacent BSS variables including nfs_server_ip, nfs_server_mount_port, nfs_server_port, nfs_our_port, nfs_state, and rpc_id, potentially achieving memory corruption and control over the NFS client state machine."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"u-boot","product":"u-boot","defaultStatus":"affected","repo":"https://github.com/u-boot/u-boot","versions":[{"version":"0","lessThanOrEqual":"2026.04-rc3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:36:54.591359Z","id":"CVE-2026-29009","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"references":[{"url":"https://lists.denx.de/pipermail/u-boot/2026-May/617853.html","source":"disclosure@vulncheck.com"},{"url":"https://u-boot.org/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/u-boot-rc3-buffer-overflow-in-nfs-readlink-reply-via-nfs-readlink","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-39822","sourceIdentifier":"security@golang.org","published":"2026-07-08T17:17:21.310","lastModified":"2026-07-10T18:57:32.923","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open(\"symlink/\")' will open \"symlink\" even when \"symlink\" is a symbolic link pointing outside of the root."}],"affected":[{"source":"security@golang.org","affectedData":[{"vendor":"Go standard library","product":"os","defaultStatus":"unaffected","collectionURL":"https://pkg.go.dev","packageName":"os","programRoutines":[{"name":"rootOpenFileNolog"},{"name":"openRootInRoot"},{"name":"OpenInRoot"},{"name":"Root.Create"},{"name":"Root.Open"},{"name":"Root.OpenFile"},{"name":"Root.OpenRoot"},{"name":"Root.ReadFile"},{"name":"Root.WriteFile"},{"name":"rootFS.Open"},{"name":"rootFS.ReadDir"},{"name":"rootFS.ReadFile"}],"versions":[{"version":"0","lessThan":"1.25.12","versionType":"semver","status":"affected"},{"version":"1.26.0-0","lessThan":"1.26.5","versionType":"semver","status":"affected"},{"version":"1.27.0-0","lessThan":"1.27.0-rc.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T18:06:16.360721Z","id":"CVE-2026-39822","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-61"}]}],"references":[{"url":"https://go.dev/cl/797880","source":"security@golang.org"},{"url":"https://go.dev/issue/79005","source":"security@golang.org"},{"url":"https://groups.google.com/g/golang-announce/c/OrmQE_Yp5Sc","source":"security@golang.org"},{"url":"https://pkg.go.dev/vuln/GO-2026-4970","source":"security@golang.org"}]}},{"cve":{"id":"CVE-2026-42505","sourceIdentifier":"security@golang.org","published":"2026-07-08T17:17:21.497","lastModified":"2026-07-10T18:57:32.923","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello."}],"affected":[{"source":"security@golang.org","affectedData":[{"vendor":"Go standard library","product":"crypto/tls","defaultStatus":"unaffected","collectionURL":"https://pkg.go.dev","packageName":"crypto/tls","programRoutines":[{"name":"clientHelloMsg.marshalMsg"},{"name":"Conn.Handshake"},{"name":"Conn.HandshakeContext"},{"name":"Conn.Read"},{"name":"Conn.Write"},{"name":"Dial"},{"name":"DialWithDialer"},{"name":"Dialer.Dial"},{"name":"Dialer.DialContext"},{"name":"QUICConn.HandleData"},{"name":"QUICConn.SendSessionTicket"},{"name":"QUICConn.Start"}],"versions":[{"version":"0","lessThan":"1.25.12","versionType":"semver","status":"affected"},{"version":"1.26.0-0","lessThan":"1.26.5","versionType":"semver","status":"affected"},{"version":"1.27.0-0","lessThan":"1.27.0-rc.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T18:03:53.821942Z","id":"CVE-2026-42505","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"references":[{"url":"https://go.dev/cl/775960","source":"security@golang.org"},{"url":"https://go.dev/issue/79282","source":"security@golang.org"},{"url":"https://groups.google.com/g/golang-announce/c/OrmQE_Yp5Sc","source":"security@golang.org"},{"url":"https://pkg.go.dev/vuln/GO-2026-5856","source":"security@golang.org"}]}},{"cve":{"id":"CVE-2026-59879","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:26.370","lastModified":"2026-07-10T18:48:54.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 ** 30 to 2 ** 31 in setListBounds in src/List.js, causing an empty List to enter an uncatchable infinite loop, a populated List to allocate without bound until process abort, or setSize to silently wrap large values. This issue is fixed in versions 4.3.9 and 5.1.8."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"immutable-js","product":"immutable-js","versions":[{"version":">= 5.0.0-beta.1, < 5.1.8","status":"affected"},{"version":"< 4.3.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:51:48.441737Z","id":"CVE-2026-59879","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-835"},{"lang":"en","value":"CWE-1284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:immutable-js:immutable:*:*:*:*:*:node.js:*:*","versionEndExcluding":"4.3.9","matchCriteriaId":"00ECE08B-71E4-413F-A0DF-A832BC22BEC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:immutable-js:immutable:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.1.8","matchCriteriaId":"180BFC9A-F7CD-4B20-BD0D-325018D87A22"}]}]}],"references":[{"url":"https://github.com/immutable-js/immutable-js/commit/a1a1ee412dcaa380ab325196283d06594ffe4b84","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/immutable-js/immutable-js/commit/f0bc997d8eb9886aff2236635aa210a95a04304a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/immutable-js/immutable-js/releases/tag/v4.3.9","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/immutable-js/immutable-js/releases/tag/v5.1.8","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/immutable-js/immutable-js/security/advisories/GHSA-v56q-mh7h-f735","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/immutable-js/immutable-js/security/advisories/GHSA-v56q-mh7h-f735","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59882","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:26.597","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost() to disagree with the URI authority used for security or routing decisions. This issue is fixed in version 2.12.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"guzzle","product":"psr7","versions":[{"version":"< 2.12.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:50:26.023312Z","id":"CVE-2026-59882","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-436"}]}],"references":[{"url":"https://github.com/guzzle/psr7/commit/ddd64f17d4cc1f7e5ffe6fd2c989ec7221712580","source":"security-advisories@github.com"},{"url":"https://github.com/guzzle/psr7/pull/811","source":"security-advisories@github.com"},{"url":"https://github.com/guzzle/psr7/releases/tag/2.12.3","source":"security-advisories@github.com"},{"url":"https://github.com/guzzle/psr7/security/advisories/GHSA-c2w2-prh8-qm98","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59890","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:27.020","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pypa","product":"setuptools","versions":[{"version":"< 83.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:44:32.194805Z","id":"CVE-2026-59890","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-176"},{"lang":"en","value":"CWE-697"}]}],"references":[{"url":"https://github.com/pypa/setuptools/commit/dd9f436a36486b4cb8a4c70a2321548b0be09b8f","source":"security-advisories@github.com"},{"url":"https://github.com/pypa/setuptools/releases/tag/v83.0.0","source":"security-advisories@github.com"},{"url":"https://github.com/pypa/setuptools/security/advisories/GHSA-h35f-9h28-mq5c","source":"security-advisories@github.com"},{"url":"https://github.com/pypa/setuptools/security/advisories/GHSA-h35f-9h28-mq5c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59892","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:27.190","lastModified":"2026-07-10T18:56:03.583","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx-* HTTP header values with decodeURIComponent() without handling decode errors, allowing an unauthenticated remote attacker to send a malformed percent-encoded value that throws an uncaught URIError and terminates a Node.js process using JaegerPropagator as the active propagator. This issue is fixed in version 2.9.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-telemetry","product":"opentelemetry-js","versions":[{"version":"< 2.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T19:40:34.423590Z","id":"CVE-2026-59892","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-js/commit/b1c196d49d54caae59741cca0a9d57d101d7ea88","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-js/releases/tag/v2.9.0","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-45rx-2jwx-cxfr","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-45rx-2jwx-cxfr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-60102","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T17:17:28.997","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability in the Horde_Vfs_Smb driver where the _escapeShellCommand() method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled filenames. Attackers can supply malicious filenames containing unescaped command substitution payloads through operations such as file upload, folder creation, rename, or deletion, which are interpolated into a double-quoted shell context and executed via proc_open() through /bin/sh -c before smbclient runs, resulting in arbitrary command execution on the underlying system."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"horde","product":"Vfs","defaultStatus":"affected","repo":"https://github.com/horde/Vfs","versions":[{"version":"0","lessThan":"3.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:40:35.903444Z","id":"CVE-2026-60102","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/horde/Vfs/commit/41f74b4acfc144e09013d04dd121e0a5da808361","source":"disclosure@vulncheck.com"},{"url":"https://github.com/horde/Vfs/pull/10","source":"disclosure@vulncheck.com"},{"url":"https://github.com/horde/Vfs/releases/tag/v3.0.1","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/horde-vfs-os-command-injection-via-horde-vfs-smb-driver","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-15154","sourceIdentifier":"secalert@redhat.com","published":"2026-07-08T20:16:48.430","lastModified":"2026-07-10T15:24:29.933","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-built-in-detector-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T20:38:40.332330Z","id":"CVE-2026-15154","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_ai:-:*:*:*:*:*:*:*","matchCriteriaId":"EBF0A70A-E606-48C8-82C2-4D8760146265"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15154","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498188","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-36027","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T20:16:48.817","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge components"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T20:23:38.812888Z","id":"CVE-2026-36027","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1313"}]}],"references":[{"url":"https://code.com","source":"cve@mitre.org"},{"url":"https://code27.com","source":"cve@mitre.org"},{"url":"https://github.com/redr0nin/Code-27-Companion-Hub-Exploits","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-44332","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:49.773","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username enumeration through response timing differences. This issue is fixed in version 3.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gofiber","product":"fiber","versions":[{"version":"< 3.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:33:24.172923Z","id":"CVE-2026-44332","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"references":[{"url":"https://github.com/gofiber/fiber/commit/c7ac00edd19f9669b1aebbec6e229658baaa059e","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/pull/4245","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/releases/tag/v3.3.0","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/security/advisories/GHSA-g5vh-55hw-rxm8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45045","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:50.060","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream servers for logging, rate limiting, and access control. This issue is fixed in version 3.3.0 and 2.52.14."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gofiber","product":"fiber","versions":[{"version":">= 3.0.0-beta.2, < 3.3.0","status":"affected"},{"version":"< 2.52.14","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:19:42.395861Z","id":"CVE-2026-45045","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://github.com/gofiber/fiber/commit/1403cc8292da3220e9316960b4030cc722a0f396","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/commit/33c9501288ab47a429c8b5e701493f0c3c0af37d","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/pull/4260","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/pull/4495","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/releases/tag/v2.52.14","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/releases/tag/v3.3.0","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/security/advisories/GHSA-gcfq-8gqf-4876","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53624","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:52.293","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol() for https instead of c.Scheme(). This issue is fixed in version 3.4.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gofiber","product":"fiber","versions":[{"version":"< 3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:57:02.119046Z","id":"CVE-2026-53624","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"references":[{"url":"https://github.com/gofiber/fiber/commit/04dd4e7754f61768fddccacc79057e416f13e6bf","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/pull/4389","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/releases/tag/v3.4.0","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/security/advisories/GHSA-gv83-gqw6-9j2c","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/security/advisories/GHSA-gv83-gqw6-9j2c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58501","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:55.323","lastModified":"2026-07-10T18:15:45.353","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fixed in version 4.3.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mvantellingen","product":"python-zeep","versions":[{"version":">= 4.0.0, < 4.3.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:20:37.552267Z","id":"CVE-2026-58501","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python-zeep:zeep:*:*:*:*:*:python:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.3.3","matchCriteriaId":"9D85C9AB-4BF5-4609-AB7D-39CBC4194889"}]}]}],"references":[{"url":"https://github.com/mvantellingen/python-zeep/commit/83eb07bc6c84d841329d4f88856fecdba86f753e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/mvantellingen/python-zeep/releases/tag/4.3.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/mvantellingen/python-zeep/security/advisories/GHSA-4cc2-g9w2-fhf6","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59802","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:55.737","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the valid_url function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and credential theft under the trusted PasswordPusher domain."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"PasswordPusher","product":"PasswordPusher","defaultStatus":"unaffected","repo":"https://github.com/pglombardo/PasswordPusher","versions":[{"version":"0","lessThan":"2.8.1","versionType":"semver","status":"affected"},{"version":"2.8.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:28:57.387311Z","id":"CVE-2026-59802","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-183"}]}],"references":[{"url":"https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-76c2-66pg-fj2f","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/passwordpusher-redirect-based-xss-via-data-uri-in-url-push-payload","source":"disclosure@vulncheck.com"},{"url":"https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-76c2-66pg-fj2f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59803","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:55.913","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode (protocol/message.go). When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in size guard, protocol.MaxMessageLength, is checked against the compressed on-the-wire frame length, not the decompressed size, so it provides no protection. Because decoding (and decompression) occurs in readRequest before authentication, a single unauthenticated connection can send a small (under 2 MB) gzip-compressed message that expands to gigabytes of heap allocation, leading to out-of-memory conditions and service unavailability."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"smallnest","product":"rpcx","defaultStatus":"unaffected","repo":"https://github.com/smallnest/rpcx","packageURL":"pkg:golang/github.com/smallnest/rpcx","versions":[{"version":"0","lessThanOrEqual":"1.9.3","versionType":"semver","status":"affected"},{"version":"047aec18efa7d037105e2b72c36dd2ae05e1acc6","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:29:48.308645Z","id":"CVE-2026-59803","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"references":[{"url":"https://github.com/smallnest/rpcx/commit/047aec18efa7d037105e2b72c36dd2ae05e1acc6","source":"disclosure@vulncheck.com"},{"url":"https://github.com/smallnest/rpcx/issues/942","source":"disclosure@vulncheck.com"},{"url":"https://github.com/smallnest/rpcx/pull/943","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/rpcx-denial-of-service-via-gzip-decompression-bomb-in-wire-protocol","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59804","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:56.077","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, which performs no Origin header validation and requires no authentication token. Attackers can connect from any web page visited by the victim to seize the single-client slot, intercept and inject automation commands, exfiltrate command-payload data, or unconditionally terminate the server by supplying the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"web-infra-dev","product":"midscene","defaultStatus":"unaffected","repo":"https://github.com/web-infra-dev/midscene","packageURL":"pkg:npm/midscene","versions":[{"version":"0","lessThanOrEqual":"1.10.3","versionType":"semver","status":"affected"},{"version":"86f4118d1d847041c63d79e347e08c87c3f1a882","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:02:32.806757Z","id":"CVE-2026-59804","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-1385"}]}],"references":[{"url":"https://github.com/web-infra-dev/midscene/commit/86f4118d1d847041c63d79e347e08c87c3f1a882","source":"disclosure@vulncheck.com"},{"url":"https://github.com/web-infra-dev/midscene/issues/2752","source":"disclosure@vulncheck.com"},{"url":"https://github.com/web-infra-dev/midscene/pull/2759","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/midscene-bridge-server-session-hijack-via-unauthenticated-websocket","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59805","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:56.250","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revoke_access and undo_revoke_access actions without seller ownership validation. Attackers can modify the is_access_revoked status on arbitrary purchases to unauthorized revoke or restore buyer access to products they do not own."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"antiwork","product":"gumroad","defaultStatus":"unaffected","repo":"https://github.com/antiwork/gumroad","packageURL":"pkg:npm/gumroad","versions":[{"version":"0","lessThan":"2026.07.06.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:37:43.271098Z","id":"CVE-2026-59805","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/antiwork/gumroad/commit/e7fd0e610e73135ecf1aa07c197a36fa524832e1","source":"disclosure@vulncheck.com"},{"url":"https://github.com/antiwork/gumroad/issues/5725","source":"disclosure@vulncheck.com"},{"url":"https://github.com/antiwork/gumroad/pull/5731","source":"disclosure@vulncheck.com"},{"url":"https://github.com/antiwork/gumroad/releases/tag/v2026.07.06.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/gumroad-insecure-direct-object-reference-in-purchasescontroller","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59806","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:56.973","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"gradio-app","product":"gradio","defaultStatus":"unaffected","repo":"https://github.com/gradio-app/gradio","packageURL":"pkg:npm/gradio-ui","versions":[{"version":"0","lessThan":"6.20.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T18:18:10.196884Z","id":"CVE-2026-59806","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/gradio-app/gradio/commit/1c5c53842df9c2750552d85c19a92e7e732cff3f","source":"disclosure@vulncheck.com"},{"url":"https://github.com/gradio-app/gradio/issues/13593","source":"disclosure@vulncheck.com"},{"url":"https://github.com/gradio-app/gradio/pull/13596","source":"disclosure@vulncheck.com"},{"url":"https://github.com/gradio-app/gradio/releases/tag/gradio%406.20.0","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/gradio-open-redirect-and-ssrf-via-gradio-api-file-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59807","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:57.123","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt injection to manipulate file_uploadable parameters to reference sensitive paths such as SSH private keys, causing the CLI to upload credential files to attacker-controlled storage."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ComposioHQ","product":"composio","defaultStatus":"unaffected","repo":"https://github.com/ComposioHQ/composio","packageURL":"pkg:npm/composio","versions":[{"version":"0","lessThan":"0.2.32-beta.283","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:28:21.622630Z","id":"CVE-2026-59807","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/ComposioHQ/composio/commit/fc17c37bf95b7ece5c038cb7e2ab7e3e4a064e3a","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ComposioHQ/composio/issues/3746","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ComposioHQ/composio/pull/3763","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ComposioHQ/composio/releases/tag/%40composio%2Fcli%400.2.32-beta.283","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/composio-sdk-beta-283-sensitive-file-upload-via-tool-file-uploads-ts","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ComposioHQ/composio/issues/3746","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-60104","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:17:00.413","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, allowing a low-privileged organization member to obtain another user's vault key and a victim-scoped access token by creating a Trusted Device Encryption authentication request, bound to an attacker-controlled public key, that is readable from an unauthenticated endpoint once approved resulting in disclosure of the victim's vault key and account takeover."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"bitwarden","product":"server","defaultStatus":"affected","repo":"https://github.com/bitwarden/server","versions":[{"version":"0","lessThan":"2026.6.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:35:41.639610Z","id":"CVE-2026-60104","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/bitwarden/server/commit/dcf4c486b2b5bedecc03a48b427243328cc74a9a","source":"disclosure@vulncheck.com"},{"url":"https://github.com/bitwarden/server/pull/7615","source":"disclosure@vulncheck.com"},{"url":"https://github.com/bitwarden/server/releases#release-v2026.6.0","source":"disclosure@vulncheck.com"},{"url":"https://sanjokkarki.com.np/blog/bitwarden-vault-key-heist","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/bitwarden-server-authorization-bypass-via-admin-auth-request","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-0288","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-07-08T21:16:45.590","lastModified":"2026-07-10T15:45:17.463","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\n\nThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .\n\nPanorama is not impacted by this vulnerability."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","defaultStatus":"affected","platforms":["AWS","Azure"],"versions":[{"version":"All","versionType":"custom","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"PAN-OS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"12.1.0","lessThan":"12.1.8","versionType":"custom","status":"affected","changes":[{"at":"12.1.8","status":"unaffected"},{"at":"12.1.7-h2","status":"unaffected"},{"at":"12.1.4-h8","status":"unaffected"}]},{"version":"11.2.0","lessThan":"11.2.13","versionType":"custom","status":"affected","changes":[{"at":"11.2.13","status":"unaffected"},{"at":"11.2.10-h12","status":"unaffected"},{"at":"11.2.7-h18","status":"unaffected"},{"at":"11.2.4-h20","status":"unaffected"}]},{"version":"11.1.0","lessThan":"11.1.16","versionType":"custom","status":"affected","changes":[{"at":"11.1.16","status":"unaffected"},{"at":"11.1.13-h9","status":"unaffected"},{"at":"11.1.10-h30","status":"unaffected"},{"at":"11.1.7-h8","status":"unaffected"},{"at":"11.1.6-h35","status":"unaffected"},{"at":"11.1.4-h35","status":"unaffected"}]},{"version":"10.2.0","lessThan":"10.2.7-h36","versionType":"custom","status":"affected","changes":[{"at":"10.2.18-h8","status":"unaffected"},{"at":"10.2.16-h9","status":"unaffected"},{"at":"10.2.13-h23","status":"unaffected"},{"at":"10.2.10-h39","status":"unaffected"},{"at":"10.2.7-h36","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","defaultStatus":"unaffected","versions":[{"version":"11.2.0","lessThan":"11.2.7-h18","versionType":"custom","status":"affected","changes":[{"at":"11.2.7-h18","status":"unaffected"}]},{"version":"10.2.0","lessThan":"10.2.10-h39","versionType":"custom","status":"affected","changes":[{"at":"10.2.10-h39","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T03:55:51.922548Z","id":"CVE-2026-0288","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.7","matchCriteriaId":"243077CD-5021-4DF3-8AC7-5B14F7FD9710"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.8","versionEndExcluding":"10.2.10","matchCriteriaId":"F5A3E6A6-EE04-409C-AE6F-FC1ACE4C4666"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.11","versionEndExcluding":"10.2.13","matchCriteriaId":"CD4B8D09-F2B3-4C9A-A583-46DE85D9D43E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.14","versionEndExcluding":"10.2.16","matchCriteriaId":"4386D092-83D6-4914-8C26-3A1EE056FEC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","matchCriteriaId":"A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"EFB63AFC-C3EC-4D1A-BC4A-810662AD16BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"E67DEF1D-8674-41E8-AA07-0499DCCFD67A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"AA4994CB-6591-4B44-A5D7-3CDF540B97DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"71EB32DA-D82F-49DD-B06F-7F10F08F740E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","matchCriteriaId":"BF05E61D-0EC2-4755-8FCF-12E102A4D8FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","matchCriteriaId":"22ED8EDB-5549-4D29-90D2-FFE33D030912"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","matchCriteriaId":"A6AB7874-FE24-42AC-8E3A-822A70722126"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","matchCriteriaId":"61B69220-4155-4462-A133-CE7A54747B83"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","matchCriteriaId":"34B083B9-CC1B-43CD-9A16-C018F7FA2DDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","matchCriteriaId":"0D88CC33-7E32-4E82-8A94-70759E910510"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"FA109AEA-0015-4EAA-BD86-F070FEEA2DF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","matchCriteriaId":"F90EF82F-1CC6-44B4-AFF9-02DF4EE84F81"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*","matchCriteriaId":"FA91A4E9-CE1E-4CB8-B717-4B0E314C0171"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*","matchCriteriaId":"6B4D43CC-1B4E-4380-B4A2-487870EFC5B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*","matchCriteriaId":"DF7382E1-0678-40BC-8964-9D00F6C4C6F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*","matchCriteriaId":"28994519-3519-4E94-8D8B-7C4251A82B8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"776E06EC-2FDA-4664-AB43-9F6BE9B897CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:*","matchCriteriaId":"53981EA8-847F-4FBC-BA55-8EDF591E0FF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h34:*:*:*:*:*:*","matchCriteriaId":"8585BA8F-2AA0-4413-81A1-927FE523598C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h35:*:*:*:*:*:*","matchCriteriaId":"B12B5B2A-0F57-4D81-B6CE-050D1F183B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"20A2E1F0-8303-483F-9199-9FE257B8A228"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","matchCriteriaId":"3AF4AB7F-F9B0-4DC4-BFC5-8FC60CE65A9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","matchCriteriaId":"CBE09375-A863-42FF-813F-C20679D7C45C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"0247BDD2-714F-4FFD-9433-FEC7747B30D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"1311961A-0EF6-488E-B0C2-EDBD508587C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","matchCriteriaId":"C779DF2B-D72A-4327-8AD8-3EA6751741F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","matchCriteriaId":"03C5ABF2-8C53-4376-8A64-6CB34E18E77C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"64F22CCE-6EAF-403B-B522-C11085410C65"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","matchCriteriaId":"FF7FCD8B-80DF-4004-A9D2-4EE884F089A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","matchCriteriaId":"15F5A583-A213-475E-8305-B8087DADCABF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","matchCriteriaId":"83C9637A-B615-4CC2-84AA-BDCFE611484C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","matchCriteriaId":"7EB3881C-B255-41AD-B61F-C14743824A3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*","matchCriteriaId":"224270A7-767D-433B-AD51-C031506747C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*","matchCriteriaId":"A532EFC6-A883-4279-8C05-9CD600B3F963"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*","matchCriteriaId":"F4F20C02-DF90-4609-9254-B765481C83E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"872BC747-512A-4872-AC86-E7F1DC589F47"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*","matchCriteriaId":"E5E36C87-E01D-49DC-AB73-10E5EE27F596"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*","matchCriteriaId":"39437442-B24D-492F-B637-2203492327FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"67F527D0-F85B-4B83-AEA5-BA636FC89210"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*","matchCriteriaId":"984BE1FB-ADB7-4831-AEDD-39DBAED078B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*","matchCriteriaId":"AF2C954D-9763-41E3-A132-F83C82E79BC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h36:*:*:*:*:*:*","matchCriteriaId":"A963ECCF-0B20-4395-A8B0-BFFCD62598C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h37:*:*:*:*:*:*","matchCriteriaId":"F9242B47-DB67-4156-8165-A2198289EAAF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"6CF8F985-7E51-49E6-857A-FAAF027F5611"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"B437DCEA-ABA3-41CA-B320-97EC430F1122"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"223673C1-9327-4C12-BF02-7447D2CAD16C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"593AFE7A-CB37-4156-A2B8-646A317F3176"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*","matchCriteriaId":"C2B871A6-0636-42A0-9573-6F693D7753AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*","matchCriteriaId":"F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:*","matchCriteriaId":"F3F8462A-71C0-4F81-9882-C73BC90697CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h15:*:*:*:*:*:*","matchCriteriaId":"85653992-4FBF-445C-881B-5F2494B597BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:*","matchCriteriaId":"C1B72E68-2D01-483F-BEC5-59C49E96B976"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:*","matchCriteriaId":"E49419C4-9AFE-4B7F-90EF-DB50EBB608D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*","matchCriteriaId":"60CE628F-C4CB-4342-8D71-DE61A089B612"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h21:*:*:*:*:*:*","matchCriteriaId":"7050FB97-DAA8-4A15-A253-23AADE921960"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h22:*:*:*:*:*:*","matchCriteriaId":"5EA595B2-C46B-4953-A306-2DB89E315286"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*","matchCriteriaId":"2447D2B1-A145-4036-B9F2-17648B193465"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*","matchCriteriaId":"C24353AF-DC81-49B9-9132-9EEC8E6009BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:*","matchCriteriaId":"B4420489-AE0F-4A48-B2CE-C165BEBFA6A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:*","matchCriteriaId":"C45D8DF1-9483-4B24-AB94-B1FF4A5F2606"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:*","matchCriteriaId":"BC38A9CD-CDB6-423A-BE8D-2E0E45A3B239"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:*","matchCriteriaId":"41B48ECA-FD05-4EA2-B1C9-771624EAAFF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:*","matchCriteriaId":"4D65D1F0-323E-41AF-962E-1F9741748A76"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:*","matchCriteriaId":"D5D41E00-D517-4B81-A7FC-C8E101884807"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h7:*:*:*:*:*:*","matchCriteriaId":"4607BEE9-193E-43A7-944C-031E956DAB85"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h8:*:*:*:*:*:*","matchCriteriaId":"8DD4A357-D281-49E0-A85E-034947561F67"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:*:*:*:*:*:*:*","matchCriteriaId":"8A30968E-901A-49AE-94B0-C44A5257AADB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:*","matchCriteriaId":"745A3A2A-73CF-4DC2-968B-ACFC66389E11"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h5:*:*:*:*:*:*","matchCriteriaId":"3A1E533E-DE4A-4F2F-A71A-FFF56E757087"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h6:*:*:*:*:*:*","matchCriteriaId":"BED53F8F-F46B-4522-91C1-A9CABD6B0A76"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h7:*:*:*:*:*:*","matchCriteriaId":"CA746F4C-616D-43CC-AF74-C9895149557C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.4","matchCriteriaId":"459485B4-47FF-4A5F-9249-AE0445A0096A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.8","versionEndExcluding":"11.1.10","matchCriteriaId":"45D0EA32-45AE-4411-8E14-43B74715387C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.11","versionEndExcluding":"11.1.13","matchCriteriaId":"D9CE1AA7-46F4-4740-BF21-EE6732134D57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.14","versionEndExcluding":"11.1.16","matchCriteriaId":"7CE88EF0-36D2-44ED-AD30-7870BBAAC77F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","matchCriteriaId":"DF83EAA1-49E1-4AD0-A049-F1B3065950BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","matchCriteriaId":"BE3F7369-9F35-409A-9F47-45A959592DFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*","matchCriteriaId":"6650937C-D778-4B5D-AA28-E7DA96DDAB7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*","matchCriteriaId":"DB835E23-6984-413D-A870-8734E626D219"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*","matchCriteriaId":"FD247097-EEC7-48E7-9C14-3314900BD5F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*","matchCriteriaId":"FD701663-4C57-4115-BD59-9DFFB504E2AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*","matchCriteriaId":"82816C09-6A9D-4AB2-AA55-62CC714CCA82"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:*","matchCriteriaId":"A5A3CEBF-9F8A-47F9-A302-7C395F2A8146"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:*","matchCriteriaId":"A79B51D2-74E8-4BA3-AE33-829A9C1776E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"83A04AA3-4B6C-4B75-9797-74FA230FD299"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:*","matchCriteriaId":"E08297B1-95E9-4730-B59D-252B958C4199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:*","matchCriteriaId":"B56B153E-8693-4257-9E33-38904A949ED8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"AECB34F6-76F3-46E4-8F08-8570247AC281"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:*","matchCriteriaId":"A220ED95-5E1A-45AA-85BD-8A58CFC6C697"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h33:*:*:*:*:*:*","matchCriteriaId":"70C9CB1D-2512-48E7-B8B2-6F6A4A23E0A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h34:*:*:*:*:*:*","matchCriteriaId":"003AE721-D537-442E-8F34-291877B792F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","matchCriteriaId":"E9DB4DA9-2262-4E9E-B3A1-49D261D01295"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"552C1E17-E4A7-462C-97E4-AF14C00B89FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","matchCriteriaId":"1EB942A4-026C-494D-A1DD-96259354CB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","matchCriteriaId":"4852E738-990C-4DD2-8252-D4625D843A99"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","matchCriteriaId":"010E5816-BB0D-438B-A280-AF35B435DCFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*","matchCriteriaId":"CB2C59F8-2583-4510-90F8-500F8329AFFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","matchCriteriaId":"7C31ACD7-46AB-4092-89F3-7B4C9B642199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","matchCriteriaId":"52C50A07-F4D8-4F1F-BA61-3429BB1721BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*","matchCriteriaId":"9D12FF27-C186-467C-8627-1284EBC67243"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:*","matchCriteriaId":"AF4AA997-35BC-4BC1-9EF2-644503B2D806"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:*","matchCriteriaId":"12EF4DDF-9773-4B02-8FF4-F94A1D49E6AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:*","matchCriteriaId":"8FAE17BB-7938-41D0-8D62-46F829C647BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h18:*:*:*:*:*:*","matchCriteriaId":"2682D64E-79A4-4522-8742-7EF1637764AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:*","matchCriteriaId":"6DA5A0AD-C4FB-4210-8651-F94F2875A0EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*","matchCriteriaId":"45D633D7-A4B5-4D68-9BAB-D9BA25877F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:*","matchCriteriaId":"B79DB477-A907-4300-A651-16F93880B049"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:*","matchCriteriaId":"AF74D8FA-677F-484D-9338-A1761614FFD6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:*","matchCriteriaId":"F9FC5118-4056-4E22-A1F0-D6FFA2B88472"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:*","matchCriteriaId":"5E7A808F-F52F-4786-950C-591CCADB2EE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:*","matchCriteriaId":"0CA82012-AA59-44C1-BB9D-0B28764D507E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:*","matchCriteriaId":"27233F80-A620-42D3-927D-4FCDE6345456"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*","matchCriteriaId":"63729FA6-ED2A-4593-9436-232F282A0A78"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h32:*:*:*:*:*:*","matchCriteriaId":"33BF6023-0112-49BB-B378-6F4022B6A028"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h33:*:*:*:*:*:*","matchCriteriaId":"00F43B36-8EB6-4703-8C1E-A836B06767FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h34:*:*:*:*:*:*","matchCriteriaId":"6F6C4DE2-32FC-42C4-87E6-FCAD39322740"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*","matchCriteriaId":"F39792EF-61B5-4874-9FD0-7544F8C5C0D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:*","matchCriteriaId":"4A06B6F4-DCAE-4115-93D4-25D0A37AAB9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:*","matchCriteriaId":"91529C45-FA55-4844-A153-682F729F440D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:*","matchCriteriaId":"A92886DF-C989-47AD-8F68-8F468BBC6E57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:*","matchCriteriaId":"9893920B-A00E-4890-A897-EE1CF0751BA0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:*","matchCriteriaId":"D1289923-12D8-4FDD-B18B-C52516F14922"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:*","matchCriteriaId":"AFC923D7-672D-4556-8344-BBD285324067"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:*","matchCriteriaId":"E1510DE9-04A3-4E08-872D-C0F6041BCFCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h25:*:*:*:*:*:*","matchCriteriaId":"2FA04925-5B8A-439E-AECD-1BDFD83F69C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h26:*:*:*:*:*:*","matchCriteriaId":"424C66D4-97F6-408A-B3AE-FE1A90E3ACE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h27:*:*:*:*:*:*","matchCriteriaId":"8AC1F50E-E6C2-4008-9955-7473DB169171"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h28:*:*:*:*:*:*","matchCriteriaId":"6748CF45-9C54-4BB8-936D-C96F0FCA71BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:*","matchCriteriaId":"31CD3B15-2CE0-404A-9542-9C39B8E71027"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:*","matchCriteriaId":"0194DA0B-041A-4810-8BFB-2308290517B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:*","matchCriteriaId":"69E64D86-034F-4BC7-9A4E-2703D834EBC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:*","matchCriteriaId":"B992628F-1114-4FC8-9364-800ACE997044"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:*","matchCriteriaId":"9223B0D4-6194-4684-8EF4-84A0EF511D8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:*","matchCriteriaId":"CB16C018-2B70-4F4D-9025-69FF82CD40F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:*","matchCriteriaId":"1259B519-130D-4584-86AA-E4EA1E89ACB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:*","matchCriteriaId":"0DCA6D54-E623-4985-B35F-AC98299828EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h5:*:*:*:*:*:*","matchCriteriaId":"8EF755C9-3BCE-4194-A74E-7D12F524929A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h6:*:*:*:*:*:*","matchCriteriaId":"7736DCE5-2943-4EF6-B9D3-B69CB59DB078"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h7:*:*:*:*:*:*","matchCriteriaId":"D9BA69E2-F499-422B-B07B-5211EF79EBEB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h8:*:*:*:*:*:*","matchCriteriaId":"56E49A3E-D380-4243-B587-3E1519C0A40F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.4","matchCriteriaId":"7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.5","versionEndExcluding":"11.2.7","matchCriteriaId":"A52983E4-71BF-46D7-8A4A-D199F7DCAA36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.8","versionEndExcluding":"11.2.10","matchCriteriaId":"85010E8F-E824-4C69-9B59-58DB01789ECB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.11","versionEndExcluding":"11.2.13","matchCriteriaId":"EF47F7BA-3C75-4BE4-A82A-17F4D6880507"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","matchCriteriaId":"C01AD190-F3C2-4349-A063-8C5C78B725B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*","matchCriteriaId":"30F4CD1C-6862-4279-8D2D-40B4D164222F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:*","matchCriteriaId":"8137F3AF-BA32-41BC-AD2E-A668FFA33892"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:*","matchCriteriaId":"8C977AF0-D2B0-401A-A7C5-A1C71AC3C072"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:*","matchCriteriaId":"B9C0A53F-2AFE-4B0D-AEC1-464E6001E02F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:*","matchCriteriaId":"D720448D-F40B-4C92-9101-A48AC36C9CBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:*","matchCriteriaId":"5F12F7AC-D5B3-499E-87DA-27427D8BFFC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h17:*:*:*:*:*:*","matchCriteriaId":"37F41E72-9690-4BB2-BD60-0B06A7DE2329"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h18:*:*:*:*:*:*","matchCriteriaId":"34E9893A-7ADF-4556-AA7C-D69162307950"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*","matchCriteriaId":"A52B7A7A-483A-4075-B1E9-5C14B66F7FC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*","matchCriteriaId":"6E46608E-682E-47B8-B810-8714571286C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:*","matchCriteriaId":"76949F0F-2ADC-492F-83F0-0A1B0E861F97"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:*","matchCriteriaId":"C1DD83BC-4E8E-4C1D-80C7-A6209B4E70CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:*","matchCriteriaId":"73888909-64C5-41BC-BAE0-BD9BDEEAF723"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:*","matchCriteriaId":"E7861D82-815D-4894-9E11-1B6B1E66CDEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:*","matchCriteriaId":"D269E33D-9A79-40CC-B79A-C9A398AB7AFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:*","matchCriteriaId":"9762E441-856F-466F-812C-798CA2EEF965"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*","matchCriteriaId":"0A25C9D9-BC83-49AE-BEE7-EF05F8336B01"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"A93C2B58-EC78-4C3D-89FF-35D9C489E39F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"A32E35C0-913E-4348-8AD4-E1F169C40C92"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"39112398-2A93-4E26-A7DF-0E3FA81C5130"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"C88442D1-599F-411D-B7A2-E17AA839F177"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"B3B538CC-6EA0-4555-B828-18A55997F454"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h14:*:*:*:*:*:*","matchCriteriaId":"A50BD9F2-F961-4ACE-9FDB-456E92692AE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h15:*:*:*:*:*:*","matchCriteriaId":"DF22EEA1-B00E-4A5F-87FB-60AD7A5A762B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h16:*:*:*:*:*:*","matchCriteriaId":"825D883D-FB41-4E92-A6B5-EB34BFE36A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h17:*:*:*:*:*:*","matchCriteriaId":"2F4B0A4F-18B6-40F7-8445-9B51CF3E9AA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"D12C3EB6-842E-4378-896C-FDBB2BC75D10"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"86B41903-FF08-454D-B626-184CB73B122E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"396DC378-7716-40F6-88A4-99299A16CAF1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"5E5C6E3A-262C-4212-B21C-00E8079AA8CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"4C855108-D3C9-4DE3-B9F4-9735A0A439AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:*","matchCriteriaId":"051673AB-50BF-4DD0-8679-F5825520241A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"BAC15D8A-83CA-413F-BA2B-17EC2B169F6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h10:*:*:*:*:*:*","matchCriteriaId":"FEAE5273-8618-4DDF-810E-37BF0EDE970B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"70B3EB0C-87F1-46C2-B95C-C5808E473BD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"073BF631-451B-4DFC-B23C-F0F68C2450F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"13AA1BEF-F2F6-4534-89F3-DF4E79217978"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"CBFDE611-4981-4D92-ABAF-858DF132535F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"AAEA66F4-81AC-49C3-81B1-65EF5F16951A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"09187411-13D4-4F5C-AF42-0716F3C96129"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h8:*:*:*:*:*:*","matchCriteriaId":"019D37D8-94E4-4228-BCE3-A08E842AE1D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h9:*:*:*:*:*:*","matchCriteriaId":"7FE1FC3F-8682-4AB8-BF98-33783263952E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.2","versionEndExcluding":"12.1.4","matchCriteriaId":"43E1ADA0-0B71-4C1D-B53E-AA063BBCB827"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.5","versionEndExcluding":"12.1.7","matchCriteriaId":"D1EA4C4A-D7DC-4A63-B109-9C9328772E9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:*","matchCriteriaId":"8C1ADE94-3F05-48EE-94E0-FD6EB682705C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"F727C18E-1C8D-448A-954C-073294FBC65C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"7E492BE6-EB2E-4616-85EA-3B389741301B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"E5F85240-989D-4E2D-B2D0-F0F35E0590A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h6:*:*:*:*:*:*","matchCriteriaId":"3D64D659-40F8-4A02-8385-954BE50C22CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h7:*:*:*:*:*:*","matchCriteriaId":"2320DB49-D6E3-44D1-AE4C-F1312CA542CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.7:-:*:*:*:*:*:*","matchCriteriaId":"CFE9B2D8-346B-4FC3-AFC8-3DC715B7C044"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.7:h1:*:*:*:*:*:*","matchCriteriaId":"5D8051BF-DCD1-4AFD-B5C7-97D0AF135C6E"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58192","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:52.150","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 1.1.6, the Appium storage plugin exposes POST /storage/delete, whose handler passes the user-supplied name value directly into path.join(storageRoot, name) and fs.rimraf() without path sanitization, allowing an unauthenticated remote client to escape the storage root with ../ sequences and recursively delete arbitrary writable files or directories. This issue is fixed in version 1.1.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"appium","product":"appium","versions":[{"version":"< 1.1.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:11:43.271551Z","id":"CVE-2026-58192","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/appium/appium/commit/5fee01752f2782e96fbe64fd13520b433d4a7535","source":"security-advisories@github.com"},{"url":"https://github.com/appium/appium/pull/22362","source":"security-advisories@github.com"},{"url":"https://github.com/appium/appium/releases/tag/%40appium/storage-plugin%401.1.6","source":"security-advisories@github.com"},{"url":"https://github.com/appium/appium/security/advisories/GHSA-jwgx-mp9m-jwcr","source":"security-advisories@github.com"},{"url":"https://github.com/appium/appium/security/advisories/GHSA-jwgx-mp9m-jwcr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-60105","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T21:16:54.813","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP() function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obtain a CSRF token from the public getSystemVars endpoint and submit a fetchRemoteFile request with a source URL resolving to an IPv4-mapped address, causing the server to issue HTTP requests to internal services and write responses to an attacker-controlled FTP destination, enabling retrieval of cloud instance metadata credentials."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Monsta Limited of New Zealand","product":"Monsta FTP","defaultStatus":"affected","versions":[{"version":"0","lessThan":"2.14.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:43:51.598885Z","id":"CVE-2026-60105","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://www.monstaftp.com/notes/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/monsta-ftp-ssrf-via-ipv4-mapped-ipv6-address-bypass","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-44024","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:14.337","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows dynamically constructing file paths using the ${tag} placeholder, and insufficient validation of ${tag} in file configurations such as the path parameter of the out_file plugin allows attackers sending untrusted tags containing path traversal characters to write or overwrite arbitrary files and potentially achieve remote code execution. This issue is fixed in version 1.19.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"fluent","product":"fluentd","versions":[{"version":"< 1.19.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T00:00:00+00:00","id":"CVE-2026-44024","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/fluent/fluentd/commit/45c87a81f3ac0b72b3f9dcfe8cfb5f9038f81437","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/pull/5391","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/releases/tag/v1.19.3","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/security/advisories/GHSA-44hj-4m45-frj3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44025","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:14.473","lastModified":"2026-07-10T19:01:51.670","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor Agent plugin in_monitor_agent exposes internal metrics and plugin information via a REST API, and responses from /api/plugins.json and related endpoints unintentionally include internal instance variables that may contain database passwords, API keys, or cloud credentials. This issue is fixed in version 1.19.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"fluent","product":"fluentd","versions":[{"version":"< 1.19.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:47:05.851155Z","id":"CVE-2026-44025","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/fluent/fluentd/commit/990921518971699b9a97441970674d1800e29177","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/pull/5392","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/releases/tag/v1.19.3","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/security/advisories/GHSA-pr7j-96cj-549h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44160","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:14.600","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's in_http and in_forward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as body_size_limit and chunk_size_limit, allowing crafted compressed payloads to decompress in memory to an excessive size and cause denial of service through memory exhaustion. This issue is fixed in version 1.19.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"fluent","product":"fluentd","versions":[{"version":"< 1.19.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:34:49.901088Z","id":"CVE-2026-44160","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"references":[{"url":"https://github.com/fluent/fluentd/commit/f5f2b7cddf8aab3932e6dec9fa367a5f3eb27e10","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/pull/5393","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/releases/tag/v1.19.3","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/security/advisories/GHSA-j9cw-hwqf-85w7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44161","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:14.737","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, the Fluentd out_http output plugin allows placeholders such as ${tag} in the endpoint configuration parameter, and if a placeholder value is derived from untrusted input an attacker can control the destination hostname of outbound HTTP requests and force requests to arbitrary internal services. This issue is fixed in version 1.19.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"fluent","product":"fluentd","versions":[{"version":"< 1.19.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:37:57.811738Z","id":"CVE-2026-44161","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/fluent/fluentd/commit/c6a01ea2e0ea01977f8d615f7c6dbfae4cba88c9","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/pull/5394","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/releases/tag/v1.19.3","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/security/advisories/GHSA-72f5-rr8c-r6gr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55470","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:15.377","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched the DSTU2 module, leaving FHIRPathEngine.matches() in org.hl7.fhir.dstu2/utils/FHIRPathEngine.java to call raw String.matches(sw) without RegexTimeout protection while replaceMatches() was updated, allowing an unauthenticated attacker to trigger catastrophic regex backtracking and exhaust server CPU. This issue is fixed in version 6.9.10."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hapifhir","product":"org.hl7.fhir.core","versions":[{"version":"< 6.9.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:58:52.590744Z","id":"CVE-2026-55470","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://github.com/hapifhir/org.hl7.fhir.core/commit/56376f7986222626af061ca7fc27ee1ab030e590","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.9.10","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-fxj4-p9xp-37v5","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-fxj4-p9xp-37v5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55471","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:15.520","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform(...) overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl() without ACCESS_EXTERNAL_DTD or ACCESS_EXTERNAL_STYLESHEET restrictions, allowing an attacker who controls or can tamper with transformed XML to trigger XML External Entity injection for local file disclosure and blind XXE or SSRF to arbitrary URLs reachable from the host. This issue is fixed in version 6.9.10."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hapifhir","product":"org.hl7.fhir.core","versions":[{"version":"< 6.9.10","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:26:09.323278Z","id":"CVE-2026-55471","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://github.com/hapifhir/org.hl7.fhir.core/commit/01ca2ecdefec9b33204d2495fe78af8c0dc52298","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.9.10","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-2f55-g35j-5jmf","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-2f55-g35j-5jmf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54773","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T23:16:54.960","lastModified":"2026-07-10T15:16:41.373","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"CoreWCF","product":"CoreWCF","versions":[{"version":">= 1.9.0, < 1.9.1","status":"affected"},{"version":"< 1.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:12.419821Z","id":"CVE-2026-54773","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-jc6x-rj79-w4mx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56458","sourceIdentifier":"psirt@hcl.com","published":"2026-07-09T10:16:26.967","lastModified":"2026-07-10T16:00:03.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"HCL DevOps Deploy","defaultStatus":"unaffected","versions":[{"version":"8.1-8.1.2.6, 8.2-8.2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:34:18.620355Z","id":"CVE-2026-56458","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-942"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.0","versionEndExcluding":"8.1.2.7","matchCriteriaId":"887DBB0F-75F9-4D4E-ABE7-0346291F5F07"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0.0","versionEndExcluding":"8.2.2.0","matchCriteriaId":"B77F76EE-7E45-43CA-B92F-2D3E770E7459"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131695","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56459","sourceIdentifier":"psirt@hcl.com","published":"2026-07-09T10:16:27.093","lastModified":"2026-07-10T15:55:49.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure.  The application stores potentially sensitive information in log files that could be read by a local user."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"HCL DevOps Deploy / HCL Launch","defaultStatus":"unaffected","versions":[{"version":"7.3-7.3.2.18, 8.0-8.0.1.13, 8.1-8.1.2.6, 8.2-8.2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:37:02.972180Z","id":"CVE-2026-56459","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndExcluding":"8.0.1.14","matchCriteriaId":"268184CF-7A79-494C-BAA7-DDD43572A611"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.0","versionEndExcluding":"8.1.2.7","matchCriteriaId":"887DBB0F-75F9-4D4E-ABE7-0346291F5F07"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0.0","versionEndExcluding":"8.2.2.0","matchCriteriaId":"B77F76EE-7E45-43CA-B92F-2D3E770E7459"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0.0","versionEndExcluding":"7.3.2.19","matchCriteriaId":"D3CD5E06-0635-40CE-BD51-1A77EE96EF12"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131696","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12593","sourceIdentifier":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","published":"2026-07-09T14:16:26.713","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{user}/tokens) forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so.\n\n\n\n\n\nPrecondition for successful exploitation was a preexisting internal user (with more privileges than the attacker), the attacker knowing its login name and the attacker being able to authenticate to the Dashboard via OAuth/OIDC. The attacker would then have had to forge a token creation API request on behalf of the other user and could have authenticated and finalized the token creation with their own OAuth/OIDC credentials. In the worst case, this would mean an attacker could have become Dashboard Administrator and been able to perform all administrative actions if the preexisting internal user had administrative privileges. In combination with a separate weakness, this could have further led to code execution on the host system running the Dashboard with the privileges of the OS-User running the Dashboard server."}],"affected":[{"source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","affectedData":[{"vendor":"Qt","product":"Axivion","defaultStatus":"unaffected","modules":["Dashboard OIDC/OAuth2/SSO subsystem"],"versions":[{"version":"7.8.5","lessThanOrEqual":"7.8.12","versionType":"custom","status":"affected"},{"version":"7.9.0","lessThan":"7.9.13","versionType":"custom","status":"affected"},{"version":"7.10.0","lessThan":"7.10.11","versionType":"custom","status":"affected"},{"version":"7.11.0","lessThan":"7.11.7","versionType":"custom","status":"affected"},{"version":"7.12.0","lessThan":"7.12.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:20:08.451329Z","id":"CVE-2026-12593","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://wiki.qt.io/List_of_known_vulnerabilities_in_Qt_products#CVE-2026-12593","source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3"}]}},{"cve":{"id":"CVE-2026-60094","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T14:16:35.247","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked body_len field to the agentlink_server service. Attackers can craft a malicious packet that passes an attacker-controlled length directly to recv(), triggering a heap overflow of up to approximately 4 GiB and resulting in process crash or potential memory corruption."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vinchin","product":"Backup & Recovery 9.0","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"9.0.0.86562","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:43:10.187862Z","id":"CVE-2026-60094","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://code-white.com/public-vulnerability-list/","source":"disclosure@vulncheck.com"},{"url":"https://www.vinchin.com/news/vinchin-backup-recovery-9-0.html","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vinchin-backup-recovery-heap-buffer-overflow-via-agentlink-server","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-60095","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T14:16:35.390","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized _listen_uuid field that is measured via strlen() and copied without bounds checking into a fixed-length stack buffer using strcpy(). Attackers can send a crafted request with a malicious _listen_uuid value to corrupt the stack and achieve process crash or potential control flow hijack without requiring authentication."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vinchin","product":"Backup & Recovery 9.0","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"9.0.0.86562","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:37:43.304739Z","id":"CVE-2026-60095","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://code-white.com/public-vulnerability-list/","source":"disclosure@vulncheck.com"},{"url":"https://www.vinchin.com/news/vinchin-backup-recovery-9-0.html","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vinchin-backup-recovery-stack-buffer-overflow-via-modulehandshake","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-11404","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T16:16:34.640","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthenticated attacker can send a single crafted ClientHello with an oversized session id length to read past the receive buffer, crashing any HTTPS, MQTTS, or WSS service built on MG_TLS_BUILTIN."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cesanta","product":"Mongoose","defaultStatus":"affected","versions":[{"version":"0","lessThan":"7.22","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T16:09:47.106576Z","id":"CVE-2026-11404","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://github.com/cesanta/mongoose","source":"disclosure@vulncheck.com"},{"url":"https://github.com/cesanta/mongoose/commit/c288ac1f38424ffdd4d2fd5e1893fd4962642db3","source":"disclosure@vulncheck.com"},{"url":"https://github.com/cesanta/mongoose/releases/tag/7.22","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cesanta-mongoose-out-of-bounds-read-in-mg-tls-builtin-clienthello-session-id-parsing","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-51597","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.333","lastModified":"2026-07-10T18:51:16.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without knowledge of the device credentials, gaining unauthorized access to the live video stream."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:26:33.701049Z","id":"CVE-2026-51597","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_5th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_5th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51598","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.457","lastModified":"2026-07-10T18:50:20.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n) allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:39:53.433998Z","id":"CVE-2026-51598","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_6th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_6th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51599","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.577","lastModified":"2026-07-10T18:53:55.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding message body. The affected RTSP parser enters a body-waiting state instead of rejecting the malformed request, causing all subsequent data on the connection to be silently consumed as body content until a server-side timeout closes the connection."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:25:30.505749Z","id":"CVE-2026-51599","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_7th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_7th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51600","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.693","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests (including DESCRIBE, SETUP, and PLAY methods). When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting state, causing the affected TCP connection to become permanently non-functional. The device does not actively close the connection, resulting in a TCP resource leak. This issue can be exploited by an unauthenticated remote attacker to cause a denial-of-service condition."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:42:46.812864Z","id":"CVE-2026-51600","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-703"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0/Tenda_CP3_V3.0_1th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0/Tenda_CP3_V3.0_1th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51601","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.810","lastModified":"2026-07-10T18:16:22.480","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handshake can send a PLAY request with an excessively long clock= value to cause the RTSP service to crash."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:24:24.016473Z","id":"CVE-2026-51601","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_2th/README.md","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-51602","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.930","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL field in the first SETUP request. By supplying a URL consisting of exactly four consecutive repetitions of a valid RTSP URL, an attacker can bypass first-stage format validation and trigger a stack buffer overflow, causing an immediate crash of the RTSP service process and rendering the device inaccessible to all clients on the local network."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:45:35.376992Z","id":"CVE-2026-51602","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_3th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_3th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51603","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:17:00.867","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a valid session ID, the RTSP service's second-stage URL routing parser fails to validate the length of the URL field in the subsequent SETUP request. By supplying a URL consisting of exactly four consecutive repetitions of a valid RTSP URL, an attacker can bypass first-stage format validation and trigger a stack buffer overflow, causing an immediate crash of the RTSP service process and rendering the device inaccessible to all clients on the local network."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:46:53.587832Z","id":"CVE-2026-51603","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_4th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_4th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51604","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:17:00.970","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:34:40.326951Z","id":"CVE-2026-51604","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_6th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_6th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51605","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:17:01.070","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991) allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:37:50.604676Z","id":"CVE-2026-51605","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_7th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_7th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51606","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:17:01.173","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response. This behavior affects the request-line URL field and header field values across multiple RTSP request types."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:50:27.092634Z","id":"CVE-2026-51606","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_5th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_5th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53987","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T17:17:01.277","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Tag plugin","product":"GLPI 11","defaultStatus":"unaffected","versions":[{"version":"2.6.0","lessThan":"2.14.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:48:51.132634Z","id":"CVE-2026-53987","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/pluginsGLPI/tag","source":"disclosure@vulncheck.com"},{"url":"https://github.com/pluginsGLPI/tag/commit/49e6b6eb5f83bcd84139a5e5ec54c0ddd14acc90","source":"disclosure@vulncheck.com"},{"url":"https://github.com/pluginsGLPI/tag/releases/tag/2.14.4","source":"disclosure@vulncheck.com"},{"url":"https://github.com/pluginsGLPI/tag/security/advisories/GHSA-6rpj-89c7-x2mh","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-58459","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T17:17:01.493","lastModified":"2026-07-10T18:46:22.183","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The subtype field sourced from a DEVICES JSON log entry or NMEA PGRMT sentence is written into a generated gnuplot program via a set title statement with only double-quote characters escaped, enabling arbitrary shell command execution as the user running gnuplot when the victim renders the generated plot through the gpsprof and gnuplot workflow."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ntpsec","product":"gpsd","defaultStatus":"affected","repo":"https://github.com/ntpsec/gpsd","versions":[{"version":"0","lessThanOrEqual":"3.27.5","versionType":"semver","status":"affected"},{"version":"0","lessThanOrEqual":"4c06658e988f4ced1a7a574ce082a22ef625df56","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/ntpsec/gpsd/commit/1a6bb7bcbdf58aa940132e630870af061dc88537","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ntpsec/gpsd/commit/4c06658e988f4ced1a7a574ce082a22ef625df56","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ntpsec/gpsd/commit/5581ba196d826a984fbfaf792b7d58535f9911ce","source":"disclosure@vulncheck.com"},{"url":"https://gitlab.com/gpsd/gpsd/-/work_items/404#note_3534119267","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/gpsd-gpsprof-command-injection-via-gnuplot-plot-title-subtype-field","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59209","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:01.780","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and exfiltrate the secret through item data. This issue is fixed in versions 1.123.61, 2.27.4, and 2.28.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":">= 2.28.0, < 2.28.1","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.27.4","status":"affected"},{"version":"< 1.123.61","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:28:13.567036Z","id":"CVE-2026-59209","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.4","source":"security-advisories@github.com"},{"url":"https://github.com/n8n-io/n8n/releases/tag/n8n%402.28.1","source":"security-advisories@github.com"},{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-q3j5-8vrg-4p9q","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59217","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:02.613","lastModified":"2026-07-10T18:32:10.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledge_id and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing read-only knowledge-base users to add arbitrary files. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"9DB3F1BC-1DFD-4289-B2DD-E24AA7B98BA1"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/b7626f05fb92b24ab923ad81a037071ebd5623d1","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/26001","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-7r7x-gjvr-448g","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59218","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:02.750","lastModified":"2026-07-10T18:30:58.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than missing-email attempts and allowing unauthenticated account enumeration. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:50:34.890081Z","id":"CVE-2026-59218","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"9DB3F1BC-1DFD-4289-B2DD-E24AA7B98BA1"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/993e74912199c66c522f08ec81abe31d76985e39","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/26385","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-7rw5-9f7q-xj36","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59219","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:02.877","lastModified":"2026-07-10T18:17:21.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":">= 0.9.0, < 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:30:33.951998Z","id":"CVE-2026-59219","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9.0","versionEndExcluding":"0.10.0","matchCriteriaId":"95D3836B-989D-4770-A676-6C74C5424D45"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/33b91bd8ae8a100a5a306c91441a7d0b422c4cde","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory","Exploit"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Mitigation","Vendor Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-59220","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:03.040","lastModified":"2026-07-10T18:15:48.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILL_MENTION_RE and strip_re regular expressions in backend/open_webui/utils/middleware.py parsed <$skillId|label> skill mentions with overlapping quantifiers, allowing an authenticated chat message containing <$ without a closing > to trigger quadratic backtracking and block the asyncio event loop. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":">= 0.9.2, < 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T18:44:56.824119Z","id":"CVE-2026-59220","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9.2","versionEndExcluding":"0.10.0","matchCriteriaId":"8C0615CD-2CE5-4805-A9C4-3B867D0844F3"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/61a26722155ec6ee1b629cf8dfcf975098c18331","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-ffpj-xv5c-p3gw","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-ffpj-xv5c-p3gw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59222","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:03.353","lastModified":"2026-07-10T17:43:06.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers[].key and webhook configuration, allowing a normal channel participant to retrieve other users’ sensitive settings. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":">= 0.7.0, < 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:29:10.232667Z","id":"CVE-2026-59222","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionStartIncluding":"0.7.0","versionEndExcluding":"0.10.0","matchCriteriaId":"9A628EE1-DB35-4BAF-88D2-CB406E544135"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/fbcdcf146b99b5002705060a8243eee769108f9e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-gh7p-78x6-jw6m","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-gh7p-78x6-jw6m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59223","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:03.603","lastModified":"2026-07-10T17:39:40.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEB_FETCH_FILTER_LIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL path and sibling-domain matches that did not reflect the intended hostname policy. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:52:51.423655Z","id":"CVE-2026-59223","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"9DB3F1BC-1DFD-4289-B2DD-E24AA7B98BA1"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/087878ce848a4d828012068b5997dac480f43656","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/25949","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-qg3f-8x3j-ggf2","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59224","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:03.770","lastModified":"2026-07-10T15:22:04.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/open_webui/routers/terminals.py built the ws_terminal upstream URL from an unencoded session_id and appended user_id as a query parameter, allowing query injection to make the terminal backend resolve another user identity; the HTTP proxy path also forwarded X-User-Id as an integrity-unbound identity claim. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T00:00:00+00:00","id":"CVE-2026-59224","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"9DB3F1BC-1DFD-4289-B2DD-E24AA7B98BA1"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/5f3a628a8d291bb5d33e1a0b0c89fb62a2927934","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/26042","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-j657-m4c4-24jq","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-63579","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T19:16:57.757","lastModified":"2026-07-10T18:50:20.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be obtained. This affects Kyocera Command Center RX TASKalfa 2552ci, TASKalfa 3252ci, TASKalfa 2553ci, TASKalfa 3253ci, TASKalfa 3554ci, TASKalfa 4052ci, TASKalfa 5052ci, TASKalfa 6052ci, TASKalfa 7052ci, TASKalfa 8052ci, TASKalfa 7353ci, TASKalfa 8353ci, TASKalfa 2554ci, TASKalfa 3254ci, TASKalfa 505."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:44:12.833205Z","id":"CVE-2025-63579","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-311"},{"lang":"en","value":"CWE-326"}]}],"references":[{"url":"https://github.com/barisbaydur/CVE-2025-63579","source":"cve@mitre.org"},{"url":"https://global.kyocera.com/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-13492","sourceIdentifier":"security@wordfence.com","published":"2026-07-09T19:17:03.883","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWP_Validation::validate_fields() function (which falls through to sanitize_text_field() for fields of type 'file', leaving directory-traversal sequences intact) combined with the UsersWP_Forms::upload_file_remove() AJAX handler building the deletion target from the uploads basedir concatenated with the attacker-controlled metadata value without any realpath canonicalization or uploads-directory boundary check before calling unlink(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the affected site's server, including wp-config."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"stiofansisland","product":"UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2.65","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:47:26.202171Z","id":"CVE-2026-13492","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/AyeCode/userswp/commit/ddb17ad30ff3384cda85c5f372db30b03bd45ac8","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L1059","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L1973","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L2320","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L2323","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-validation.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3590340/userswp","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6cf6390-480f-44e2-ae36-67e3398add33?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-49274","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.490","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the pages field with roles that have the pages.access permission disabled allowed authenticated users to provide an inaccessible parent page or site to the page picker backend and confirm arbitrary page existence and retrieve title field values. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/1ae575da24e1b1cb8803a031d37eff14606d7c55","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/3bad37117adf2013548a784f820ddb2d8317333c","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/3f4398cdcf9f50f84fdac52ad78a7a85fb31589f","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/bffffce6c081f69c46163cc89b1fd18ccf2a18d1","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-23q2-54qv-rq5x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49276","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.670","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link to be included as the target of a link or email link in writer mark components, making the target clickable by the user who entered it and enabling self cross-site scripting in the Panel. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:11:39.964148Z","id":"CVE-2026-49276","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-83"}]}],"references":[{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-rhj6-r49h-5932","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50188","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.827","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request(), Remote::get(), and Remote::post(), to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters in a header value to inject a separate unintended request header to the remote service. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:18:33.304762Z","id":"CVE-2026-50188","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-93"},{"lang":"en","value":"CWE-113"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/aa33414e1669e866cdd6f4decfae2a669e8bb828","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/fad9cbd22c73ed0fbd3aaf62310a8dcacfc007cd","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-4v4h-m2qq-ppgw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54002","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.977","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize(), Sane::sanitize(), Sane::Html::sanitize(), Sane::Svg::sanitize(), Sane::Xml::sanitize(), Sane::sanitizeFile(), or file sanitizeContents() with untrusted input allow malicious markup injected as children of an unknown HTML or XML tag to pass through Dom::sanitize() without being correctly sanitized, causing stored cross-site scripting. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:26:51.396531Z","id":"CVE-2026-54002","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-87"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/0f0437b5128c910103cbc78fc34d94b2a3faef4c","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/7ad76cf9c7387462828e6ebfc8404e31b37829e9","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/9ec1873864441dbc06479ef7823da348ec7f2700","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/bb2562e16c754493a403b8df84c9883108871e4c","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-wr9h-4r83-f4v6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54003","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.120","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the Panel and create the first admin user because local-IP checks trusted those headers incorrectly. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:23:16.615569Z","id":"CVE-2026-54003","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-454"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/1c7fee90e49153cf9ca4a6ec17481d25fbedc48d","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/3423f66c01dbc0455862e23ee699d2aa469f3234","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/66a3a14bf0892d320723ba766cd5f1d33a51d15b","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/ab992dc149610b90e337c2955ab6ccb7f72ffb3a","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/pull/8166","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-whxw-24jc-cwmv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54004","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.270","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview tokens, leading to disclosure of draft file contents. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:47:55.357107Z","id":"CVE-2026-54004","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/5b9a0ed587575e39156d37fa42ca7f6c73e121f7","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/bc721080cd8dd4dcb7fc20b3fd0460ee8d0603b0","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-89cp-7p28-jffg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54005","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.400","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a role has the pages.access permission disabled allowed authenticated users who know or guess page IDs or UUIDs to retrieve page information, including full content and metadata, for arbitrary published pages through the /api/site/find route without authorization to access those pages. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/a16dbd4329293c2c4b9a375d2badcb27c6337004","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/b22d0b64b6478ce6871dc7ec3368d7afaf078688","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-r3w8-2c5r-h9j9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54695","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.540","lastModified":"2026-07-10T15:16:41.020","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid from a Twilio stream-start handshake in src/pipecat/runner/utils.py, and passes it to TwilioFrameSerializer so the server can issue an authenticated Twilio REST API hang-up request with the server operator's credentials; equivalent unauthenticated call-control sinks exist for Telnyx and Plivo. This issue is fixed in version 1.4.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pipecat-ai","product":"pipecat","versions":[{"version":"< 1.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:12:59.390627Z","id":"CVE-2026-54695","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/pipecat-ai/pipecat/commit/3032da53434c5ef01d368654b3551cf21c50dec9","source":"security-advisories@github.com"},{"url":"https://github.com/pipecat-ai/pipecat/commit/88440676996e5e548e1aecea5d565e1c48ccf6fa","source":"security-advisories@github.com"},{"url":"https://github.com/pipecat-ai/pipecat/pull/4660","source":"security-advisories@github.com"},{"url":"https://github.com/pipecat-ai/pipecat/releases/tag/v1.4.0","source":"security-advisories@github.com"},{"url":"https://github.com/pipecat-ai/pipecat/security/advisories/GHSA-j8cv-x86q-rj85","source":"security-advisories@github.com"},{"url":"https://github.com/pipecat-ai/pipecat/security/advisories/GHSA-j8cv-x86q-rj85","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-0275","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-07-09T20:16:24.537","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. \n\nThis issue only affects Prisma® Browser on macOS."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Prisma Browser","defaultStatus":"unaffected","platforms":["macOS"],"versions":[{"version":"150.33.2.0","lessThan":"150.33.2.46","versionType":"custom","status":"affected","changes":[{"at":"150.33.2.46","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":2.0,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T00:00:00+00:00","id":"CVE-2026-0275","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0275","source":"psirt@paloaltonetworks.com"}]}},{"cve":{"id":"CVE-2026-0277","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-07-09T20:16:24.840","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. \n\nThe Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["iOS"],"versions":[{"version":"0","lessThan":"26.2.1","versionType":"custom","status":"affected","changes":[{"at":"26.2.1","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["Linux","Windows","macOS","Android","ChromeOS"],"versions":[{"version":"All","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:19:46.628829Z","id":"CVE-2026-0277","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0277","source":"psirt@paloaltonetworks.com"}]}},{"cve":{"id":"CVE-2025-45422","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:54.167","lastModified":"2026-07-10T18:53:55.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:22:59.948621Z","id":"CVE-2025-45422","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"http://b-box.com","source":"cve@mitre.org"},{"url":"http://proximus.com","source":"cve@mitre.org"},{"url":"https://github.com/Cedrico03/CVE-2025-45422---Bbox","source":"cve@mitre.org"},{"url":"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H&version=3.1","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-21901","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T21:16:54.467","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific SSH configuration parameter to create a Denial of Service (DoS).\n\nA local high-privileged user configuring or deactivating a specific 'system services ssh' configuration parameter can exploit a null pointer dereference in one of the functions used by SSH. The function attempts to dereference a null pointer when accessing certain configuration data, resulting in an mgd process crash and restart. Continued execution of these configuration commands will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJunos OS:\n\n\n  *  from 22.3 before 22.3R3-S5;\n  *  from 22.4 before 22.4R3-S10;\n  *  from 23.2 before 23.2R2-S7;\n  *  from 23.4 before 23.4R2-S8.\n\n\n\n\nThis issue does not affect Junos OS before 22.3R1.\n\n\n\nJunos OS Evolved:\n  *  from 22.3R1-EVO before 23.2R2-S7-EVO;\n  *  from 23.4 before 23.4R2-S8-EVO.\n\n\nThis issue does not affect Junos OS Evolved before 22.3R1-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","versions":[{"version":"22.3","lessThan":"22.3R3-S5","versionType":"custom","status":"affected"},{"version":"22.4","lessThan":"22.4R3-S10","versionType":"custom","status":"affected"},{"version":"23.2","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"0","lessThan":"22.3R1","versionType":"custom","status":"unaffected"}]},{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"23.2","lessThan":"23.2R2-S7-EVO","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8-EVO","versionType":"custom","status":"affected"},{"version":"0","lessThan":"22.3R1-EVO","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Green","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:21:27.704515Z","id":"CVE-2026-21901","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-g4f7-w2rc-hpj6","source":"sirt@juniper.net"},{"url":"https://supportportal.juniper.net/JSA110072","source":"sirt@juniper.net"},{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-g4f7-w2rc-hpj6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-31267","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:54.667","lastModified":"2026-07-10T18:50:20.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a specially crafted request. The vulnerability results in denial of service through control flow manipulation to an arbitrary instruction address."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:30:57.994864Z","id":"CVE-2026-31267","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://barry-dev.xyz/about","source":"cve@mitre.org"},{"url":"https://gist.github.com/BarrYPL/13dcd071673866cbbfaaa05085b98cf3","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-33794","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T21:16:54.790","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the \n\nadvanced forwarding toolkit (evo-aftmand)\n\n of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated network-based attacker generating continuous routing updates, resulting in unilist ECMP routes, to crash the \n\nevo-aftmand process on the PFE, leading to a Denial-of-Service (DoS). The conditions required for successful exploitation are based on a sequence of events that are outside an attacker's direct control.\n\nUnified list (unilist) ECMP routes are a specific ECMP behavior where multiple equal-cost routes share a single logical next-hop list entry. The router treats them as one route with multiple next hops and load balances traffic across that unified list. Due to an issue processing unilist ECMP routing updates, internal state corruption may occur, especially in large-scale ECMP unilist deployments, leading to the evo-aftmand process crashing, resulting in an evo-aftmand-bx core. Manual intervention is required to recover by rebooting the system or restarting the FPC.\n\nThis issue affects Junos OS Evolved on PTX :\n\n\n  *  from 24.4R2-EVO before 24.4R2-S3-EVO;\n  *  from 25.2 before 25.2R2-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","platforms":["PTX Series"],"versions":[{"version":"24.4R2-EVO","lessThan":"24.4R2-S3-EVO","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2, 25.2R2-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Green","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:22:12.408693Z","id":"CVE-2026-33794","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110073","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-33799","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T21:16:54.963","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker sending specific valid SNMPv3 queries to trigger a memory leak. Over time, continuous receipt of these queries will result in snmpd process memory exhaustion, resulting in a process crash and restart, impacting the ability to monitor the system via SNMP.\n\nMemory usage can be monitored using the following command:\n\nuser@device> show system processes extensive | match snmpd\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n  *  all versions before 21.2R3-S8;\n  *  from 21.4 before 21.4R3-S7;\n  *  from 22.1 before 22.1R3-S6;\n  *  from 22.2 before 22.2R3-S4;\n  *  from 22.3 before 22.3R3-S3;\n  *  from 22.4 before 22.4R3-S2;\n  *  from 23.2 before 23.2R2;\n  *  from 23.4 before 23.4R2.\n\n\n\nJunos OS Evolved:\n  *  all versions before 21.2R3-S8-EVO;\n  *  from 21.4 before 21.4R3-S7-EVO;\n  *  all versions of 22.1-EVO,\n  *  from 22.2 before 22.2R3-S4-EVO;\n  *  from 22.3 before 22.3R3-S3-EVO;\n  *  all versions of 22.4-EVO,\n  *  from 23.2 before 23.2R2-EVO;\n  *  from 23.4 before 23.4R2-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"21.2R3-S8","versionType":"custom","status":"affected"},{"version":"21.4","lessThan":"21.4R3-S7","versionType":"custom","status":"affected"},{"version":"22.1","lessThan":"22.1R3-S6","versionType":"custom","status":"affected"},{"version":"22.2","lessThan":"22.2R3-S4","versionType":"custom","status":"affected"},{"version":"22.3","lessThan":"22.3R3-S3","versionType":"custom","status":"affected"},{"version":"22.4","lessThan":"22.4R3-S2","versionType":"custom","status":"affected"},{"version":"23.2","lessThan":"23.2R2","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2","versionType":"custom","status":"affected"}]},{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"21.2R3-S8-EVO","versionType":"custom","status":"affected"},{"version":"21.4","lessThan":"21.4R3-S7-EVO","versionType":"custom","status":"affected"},{"version":"22.1","lessThan":"22.1*","versionType":"custom","status":"affected"},{"version":"22.2","lessThan":"22.2R3-S4-EVO","versionType":"custom","status":"affected"},{"version":"22.3","lessThan":"22.3R3-S3-EVO","versionType":"custom","status":"affected"},{"version":"22.4","lessThan":"22.4*","versionType":"custom","status":"affected"},{"version":"23.2","lessThan":"23.2R2-EVO","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:31:41.445568Z","id":"CVE-2026-33799","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110074","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-33800","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T21:16:55.163","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for processing. Especially in a Virtual-Chassis (VC) scenario with locality‑bias configured, processing takes a significant amount of time for each event. If these sessions keep flapping, new events are constantly added, and in turn PFEMAN never completes processing these events. This results in the PFEMAN watchdog timer expiring, which causes the FPC to crash and restart, representing a complete service outage.\n\n\nThis issue only affects MX series FPCs up to and including MPC9. It does not affect MPC10/11, LC4800/9600 and MX304.\n\nThis issue affects Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["MX Series"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S3","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:31:18.681766Z","id":"CVE-2026-33800","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-606"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110075","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-33801","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T21:16:55.330","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service (DoS).\n\nUpon receipt of a specifically malformed non-inet/inet6 unicast BGP update, an RPD crash and restart is triggered, which will cause a complete service outage until routing has reconverged. The rpd crash occurs before the update can be readvertised, so there is no downstream propagation.\n\n\nThis issue affects:\n\n\n\n  *  Junos OS versions 25.2 before 25.2R2;\n\n\n  *  Junos OS Evolved versions 25.2 before 25.2R2-EVO.\n\n\n\n\nThis issue doesn't affect Junos OS versions before 25.2R1 nor Junos OS Evolved versions before 25.2R1-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","versions":[{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"}]},{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"25.2","lessThan":"25.2R2-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:30:53.472301Z","id":"CVE-2026-33801","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110076","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-51923","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:55.480","lastModified":"2026-07-10T18:51:16.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:32:11.295042Z","id":"CVE-2026-51923","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://ZeroBreach.de","source":"cve@mitre.org"},{"url":"https://docuform.de","source":"cve@mitre.org"},{"url":"https://gist.github.com/ZeroBreach-GmbH","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-51924","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:55.590","lastModified":"2026-07-10T18:51:16.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:32:54.308269Z","id":"CVE-2026-51924","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://docuform.de","source":"cve@mitre.org"},{"url":"https://gist.github.com/ZeroBreach-GmbH","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-51925","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:55.690","lastModified":"2026-07-10T18:51:16.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menu_report.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source code or system files."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:33:11.999845Z","id":"CVE-2026-51925","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://docuform.de","source":"cve@mitre.org"},{"url":"https://gist.github.com/ZeroBreach-GmbH","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-51926","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:55.790","lastModified":"2026-07-10T18:53:55.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid and invalid usernames based on variations in server responses. This information can be leveraged to identify existing accounts and facilitate further attacks, including brute-force or credential stuffing."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:34:56.289158Z","id":"CVE-2026-51926","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"references":[{"url":"https://docuform.de","source":"cve@mitre.org"},{"url":"https://gist.github.com/ZeroBreach-GmbH","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-55207","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T21:16:55.890","lastModified":"2026-07-10T15:52:52.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, an unauthenticated attacker who knows a valid admin username can take over any Pimcore admin account by sending a password reset request with an attacker-controlled resetPasswordUrl. The server generates a real cryptographic recovery token, appends it to the supplied URL, and emails the link to the victim; when the victim clicks the link, the token is sent to the attacker and can be used with POST /pimcore-studio/api/login/token to authenticate with full admin privileges while bypassing two-factor authentication. This issue is fixed in versions 2025.4.6 and 2026.1.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":">= 2026.1.0, < 2026.1.6","status":"affected"},{"version":"< 2025.4.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:34:00.598927Z","id":"CVE-2026-55207","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-h854-c3m3-mh5v","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/commit/ea9d329686f5e5aea2eec378d63ac2deb965bb27","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/pull/1882","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2025.4.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2026.1.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-h854-c3m3-mh5v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55208","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T21:16:56.020","lastModified":"2026-07-10T15:52:52.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 2026.1.6, an authenticated user can extract the admin password hash and other database content through time-based blind SQL injection in the DateFilter column key parameter. The POST /pimcore-studio/api/website-settings endpoint and other listing endpoints accept a columnFilters array where the key field is interpolated directly into SQL with manual backtick wrapping, allowing a backtick character to break out of quoting and append arbitrary SQL such as SLEEP() and IF() subqueries. This issue is fixed in versions 2025.4.6 and 2026.1.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":">= 2026.1.0, < 2026.1.6","status":"affected"},{"version":"< 2025.4.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:51:49.735662Z","id":"CVE-2026-55208","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-79cw-hfcc-7mw9","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/commit/f532428cfbf4f5d6e299a13cedd5c29541802552","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/pull/1883","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2025.4.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2026.1.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-79cw-hfcc-7mw9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-60120","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T21:16:56.410","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side template injection that allows unauthenticated attackers to execute arbitrary JavaScript in administrator browsers by registering a customer account with malicious payload in the first or last name field. The create.blade.php template renders customer name fields without the Vue.js v-pre directive, causing Vue.js to evaluate stored template expressions as live JavaScript when an administrator opens the Create Order page for the affected customer."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Webkul","product":"Bagisto","defaultStatus":"affected","repo":"https://github.com/bagisto/bagisto","versions":[{"version":"0","lessThan":"2.4.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:46:55.055626Z","id":"CVE-2026-60120","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/bagisto/bagisto/commit/49d0c3fc90dedf8782c45c5979df4f4595d6bb97","source":"disclosure@vulncheck.com"},{"url":"https://github.com/bagisto/bagisto/releases/tag/v2.4.4","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/bagisto-stored-xss-via-csti-in-create-blade-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-15271","sourceIdentifier":"cna@vuldb.com","published":"2026-07-09T22:17:02.210","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"TOTOLINK","product":"A3000RU","cpes":["cpe:2.3:a:totolink:a3000ru:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"A3100R","cpes":["cpe:2.3:a:totolink:a3100r:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"A950RG","cpes":["cpe:2.3:a:totolink:a950rg:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"AC1200T10","cpes":["cpe:2.3:a:totolink:ac1200t10:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"CP450","cpes":["cpe:2.3:a:totolink:cp450:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"CS185R_T10","cpes":["cpe:2.3:a:totolink:cs185r_t10:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"EX200","cpes":["cpe:2.3:a:totolink:ex200:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:C/I:C/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:37:19.484529Z","id":"CVE-2026-15271","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-272"}]}],"references":[{"url":"https://app.notion.com/p/A3000RU-V5-9c-5185-37a1f5ba989080d38bb6ca58b2a98c64?source=copy_link","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15271","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852316","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852317","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852318","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852319","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852320","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852321","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852323","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377214","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377214/cti","source":"cna@vuldb.com"},{"url":"https://www.totolink.net/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15274","sourceIdentifier":"cna@vuldb.com","published":"2026-07-09T22:17:03.270","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pull_parser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"lo48576","product":"fbxcel","cpes":["cpe:2.3:a:lo48576:fbxcel:*:*:*:*:*:*:*:*"],"modules":["Node Header Handler"],"versions":[{"version":"0.1","status":"affected"},{"version":"0.2","status":"affected"},{"version":"0.3","status":"affected"},{"version":"0.4","status":"affected"},{"version":"0.5","status":"affected"},{"version":"0.6","status":"affected"},{"version":"0.7","status":"affected"},{"version":"0.8","status":"affected"},{"version":"0.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:38:21.175762Z","id":"CVE-2026-15274","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]}],"references":[{"url":"https://github.com/lo48576/fbxcel/","source":"cna@vuldb.com"},{"url":"https://github.com/lo48576/fbxcel/issues/14","source":"cna@vuldb.com"},{"url":"https://github.com/lo48576/fbxcel/pull/15","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15274","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852441","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377215","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377215/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-33802","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:03.633","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service (DoS).\n\n\n\nOn EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400 switches, an authenticated, local attacker with no specific permissions or class can execute a specific, privileged CLI 'request' command which will cause complete traffic impact until the system automatically recovers.\n\nThis issue affects Junos OS on EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400:\n\n\n  *  23.2R2 versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R2,\n  *  25.4 versions before 25.4R1-S1."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["EX4100","EX4300-MP (Multigigabit)","EX2300","EX4400","EX4000"],"versions":[{"version":"23.2R2","lessThan":"23.2R2-S6","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S3","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"},{"version":"25.4","lessThan":"25.4R1-S1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:28:21.072727Z","id":"CVE-2026-33802","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110077","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-33803","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:03.807","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device.\n\n\nDue to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets.\n\nThis issue affects Junos OS Evolved:\n\n\n  *  all versions before 23.2R2-S7-EVO,\n  *  23.4 versions before 23.4R2-S8-EVO,\n  *  24.2 versions before 24.2R2-S5-EVO,\n  *  24.4 versions before 24.4R2-S4-EVO,\n  *  25.2 versions before 25.2R2-S1-EVO,\n  *  25.4 versions before 25.4R1-S2-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"23.2R2-S7-EVO","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8-EVO","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S5-EVO","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4-EVO","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2-S1-EVO","versionType":"custom","status":"affected"},{"version":"25.4","lessThan":"25.4R1-S2-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:30:15.593698Z","id":"CVE-2026-33803","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-923"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110078","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-39243","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T22:17:04.113","lastModified":"2026-07-10T18:52:44.960","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries (type === 'link'), the x.linkname field from the archive is passed directly to fs.link() without validation (index.js line 113). An attacker can craft an archive with a hardlink entry whose linkname is an absolute path to any file on the same filesystem. This creates a hardlink inside the extraction directory that shares the same inode as the target file, enabling both reading and overwriting the original file's content. Hardlinks are limited to files on the same filesystem and cannot target directories."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:24:02.481203Z","id":"CVE-2026-39243","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/kevva/decompress","source":"cve@mitre.org"},{"url":"https://github.com/kevva/decompress/issues/113","source":"cve@mitre.org"},{"url":"https://www.npmjs.com/package/decompress","source":"cve@mitre.org"},{"url":"https://github.com/kevva/decompress/issues/113","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-39245","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T22:17:04.247","lastModified":"2026-07-10T18:52:44.960","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function (index.js line 29) and the extraction path validation (index.js line 106) use String.indexOf() to verify the resolved path is within the output directory: realDestinationDir.indexOf(realOutputPath) !== 0. This check is flawed because it does not enforce a path separator boundary. For example, \"/tmp/app_config\".indexOf(\"/tmp/app\") returns 0, incorrectly passing the check even though /tmp/app_config is outside /tmp/app. Combined with the unvalidated symlink creation in the same package, an attacker can write arbitrary files to directories adjacent to the extraction target. This is a bypass of the fix for CVE-2020-12265. The correct check requires appending a path separator: realParentPath.indexOf(realOutputPath + path.sep) !== 0."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:19:01.067636Z","id":"CVE-2026-39245","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/kevva/decompress","source":"cve@mitre.org"},{"url":"https://github.com/kevva/decompress/issues/115","source":"cve@mitre.org"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12265","source":"cve@mitre.org"},{"url":"https://www.npmjs.com/package/decompress","source":"cve@mitre.org"},{"url":"https://github.com/kevva/decompress/issues/115","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-39246","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T22:17:04.370","lastModified":"2026-07-10T18:52:44.960","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When processing symlink entries (type === 'symlink'), the x.linkname field from the archive is passed directly to fs.symlink() without validation (index.js line 121). The preventWritingThroughSymlink check on line 98 only applies to file entries, not symlink creation. An attacker can craft an archive with symlink entries pointing to sensitive files outside the extraction directory (e.g., /etc/passwd), enabling information disclosure when the application reads the extracted contents."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:09:33.857465Z","id":"CVE-2026-39246","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/kevva/decompress","source":"cve@mitre.org"},{"url":"https://github.com/kevva/decompress/issues/114","source":"cve@mitre.org"},{"url":"https://www.npmjs.com/package/decompress","source":"cve@mitre.org"},{"url":"https://github.com/kevva/decompress/issues/114","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45780","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:04.770","lastModified":"2026-07-10T15:52:29.883","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/37969503f20369eb1712b7b88daedcfb4f63f5f1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/4d46638041b5f3d1e1f7f6f6f19c1df3bd65a586","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/6457ab71f36a2d1440fe96af0a2593897844b023","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/7deb4b6963442569357b41e61febe37594e5e730","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-22v7-6wgj-g9f7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45788","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:04.933","lastModified":"2026-07-10T15:53:08.640","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pull_hotlinked_images when an attacker knew the secured upload URL and the secure_uploads site setting was enabled. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:39:07.478798Z","id":"CVE-2026-45788","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/5807c426880eadf248006e851604fc9284327ce5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/8b4a959b251a856a9c911fb9f2ac34fbc31a7471","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/eff53af26367ae0dcb3a426954d233e8c7449f95","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/fa74e0dec7341a858ab83a1977fa52629bced1aa","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-3876-w96v-8v38","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46413","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.090","lastModified":"2026-07-10T15:53:08.640","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:32:30.407572Z","id":"CVE-2026-46413","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/1f1ded8dd361d81786bff17b35e1138d6ee299c0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/7ddde266617b452152c1bf5f903f6c07be38fc40","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/a53df26dcf7e50ce2b20bfd5454a0c9d44b8fc7d","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/abaa664c5df84026efb2ca264ba0f5586c3f2b01","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-3mvf-q9rg-w6m7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49256","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.260","lastModified":"2026-07-10T15:52:29.883","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowed_tags, allowed_tag_groups, or required tag groups could leak to anonymous and unauthorized users through category and group endpoints. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:39:15.102132Z","id":"CVE-2026-49256","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-mwp7-572g-6qpx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53961","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.440","lastModified":"2026-07-10T15:53:08.640","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish validly signed forged Bounce notifications that revoke a targeted user email. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:44:24.781167Z","id":"CVE-2026-53961","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/3a3d315a85ef3c6aabfc7e7bb38702059784f06b","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/61f12e13aa1b760f81d5ff60f12e3a7e77434b94","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/958f0cd831d65a49ec75f05343ca2c167679f0ea","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/aea35190791261bab258ebab05da279e78cdd0e6","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-8f9m-v436-wr3x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53963","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.763","lastModified":"2026-07-10T15:52:29.883","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that account. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/40de62cddadc65c328a1028ab999f3fa94adbfed","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/529e17d4d570a48972e7cf64720e5dd1fdf23ca8","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/d92973e51a46cf6dd20c71e6068e6769b67eea5b","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/daea5214d833eacbdd3b1a78d99eb14e9cabd915","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-wg5x-7f23-m3r5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55170","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:05.937","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorization_model identifier columns can compare case-distinct values such as user:Alice and user:alice as equivalent, causing two distinct check requests to return the same response. This issue is fixed in 1.18.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openfga","product":"openfga","versions":[{"version":"< 1.18.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:26:05.820781Z","id":"CVE-2026-55170","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-178"}]}],"references":[{"url":"https://github.com/openfga/helm-charts/commit/96d5517a2693ff5def451dee7d6b9d1baeb281f8","source":"security-advisories@github.com"},{"url":"https://github.com/openfga/helm-charts/releases/tag/openfga-0.3.9","source":"security-advisories@github.com"},{"url":"https://github.com/openfga/openfga/commit/a2e0dbefc3e01a95c785f81a3563bc6571b08b11","source":"security-advisories@github.com"},{"url":"https://github.com/openfga/openfga/releases/tag/v1.18.0","source":"security-advisories@github.com"},{"url":"https://github.com/openfga/openfga/security/advisories/GHSA-cf98-j28v-49v6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55424","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:06.097","lastModified":"2026-07-10T16:16:33.177","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic \"featured link\" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content Security Policy protections were modified or disabled. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:39:57.512653Z","id":"CVE-2026-55424","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/1bce8881e4253d9bbab56f011a12ef899b926b59","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/6679d9a5083488bae10c2adbb345c481c583242c","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/6828aee9b15c2655d63b515ac919830bd540ff83","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/c9b9405f5bd0bf0269e505e28e3aad388d7657c5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-695w-7fv8-mxg3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55689","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:06.553","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated service by the same identity provider to authenticate to OpenFGA. This issue is fixed in 1.18.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openfga","product":"openfga","versions":[{"version":"< 1.18.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:45:33.367225Z","id":"CVE-2026-55689","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/openfga/helm-ch","source":"security-advisories@github.com"},{"url":"https://github.com/openfga/helm-charts/releases/tag/openfga-0.3.9","source":"security-advisories@github.com"},{"url":"https://github.com/openfga/openfga/commit/44596773b2e62738720ef215bf7fa04352954271","source":"security-advisories@github.com"},{"url":"https://github.com/openfga/openfga/releases/tag/v1.18.0","source":"security-advisories@github.com"},{"url":"https://github.com/openfga/openfga/security/advisories/GHSA-hcxc-wf8j-23hv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57019","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:06.707","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\n\nWhen a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered.\n\nAffected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE).\n\nWhen this issue happens the following logs can be observed:\n\nfpc<#> CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default\nfpc<#> Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default\n\n\n\n\nThis issue affects Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["MX Series"],"versions":[{"version":"0","lessThan":"23.2R2-S6","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S7","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:29:42.438982Z","id":"CVE-2026-57019","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110079","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57020","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:06.887","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nOn all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI) leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic.\n\n\n\nThis issue affects Junos OS on QFX10000 Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4.\n\n\n\nThis issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["QFX10000 Series"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:28:54.914596Z","id":"CVE-2026-57020","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110080","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57021","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:07.057","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.\n\nThis issue affects Junos OS on SRX Series:\n\n\n  *  23.2 versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2,\n  *  25.4 versions before 25.4R1-S1, 25.4R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["SRX Series"],"versions":[{"version":"23.2","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"},{"version":"25.4","lessThan":"25.4R1-S1, 25.4R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:28:36.986263Z","id":"CVE-2026-57021","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110081","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57022","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:07.233","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen an affected device initiates a TCP connection to an attacker-controlled system that responds with a specific packet, this causes a PFE crash and restart, which affects all services until the system has automatically recovered.\nThis issue can happen among others in the following scenarios: ALG, SSL proxy, UTM, RTLOG, AppQoE probing, AAMW, ICAP, URL filtering.\n\nThis issue affects Junos OS on MX Series with SPC3, SRX5k Series with SPC3, SRX1600 Series, SRX2300 Series, SRX4000 Series, and vSRX Series:\n\n  *  all versions before 23.2R2-S4,\n  *  23.4 versions before 23.4R2-S5,\n  *  24.2 versions before 24.2R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["MX Series with SPC3","SRX5k Series with SPC3","SRX1600 Series","SRX2300 Series","SRX4000 Series","vSRX Series"],"versions":[{"version":"0","lessThan":"23.2R2-S4","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S5","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:M/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:31:06.973288Z","id":"CVE-2026-57022","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110082","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57023","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:07.397","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).\n\nWhen TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.\n\n\n\nThis issue affects Junos OS on MX with SPC3, and SRX Series: \n\n\n\n  *  23.4 versions before 23.4R2-S7, \n  *  24.2 versions before 24.2R2-S4, \n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R2.\n\n\n\n\nThis issue does not affect releases before 23.4R1."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["SRX Series","MX Series with SPC3"],"versions":[{"version":"23.4","lessThan":"23.4R2-S7","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S3","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:28:39.605123Z","id":"CVE-2026-57023","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110083","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57024","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:07.553","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nOn an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.\nPlease note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.\n\nTo be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:\n\nuser@host> show system processes extensive | match \"KMD|IKED\"\nThis issue affects Junos OS on MX with SPC3, SRX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R1-S1."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["SRX Series","MX with SPC3"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S6","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S3","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R1-S1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:31:42.431662Z","id":"CVE-2026-57024","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-694"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110084","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57025","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:07.747","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).\n\nOn EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific 'show l2-learning' command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.\n\nThis issue affects EX Series, QFX Series, MX Series:\nJunos OS:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2,\n  *  24.4 versions before 24.4R1-S2.\n\n\n\nJunos OS Evolved:\n  *  all versions before 23.2R2-S7-EVO,\n  *  23.4 versions before 23.4R2-S8-EVO,\n  *  24.2 versions before 24.2R2-EVO,\n  *  24.4 versions before 24.4R1-S3-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["EX Series","QFX Series","MX Series"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S7","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R1-S2","versionType":"custom","status":"affected"}]},{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"23.2R2-S7-EVO","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8-EVO","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-EVO","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R1-S3-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:10:45.027060Z","id":"CVE-2026-57025","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-466"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110085","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57026","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:07.923","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered.\n\n\n\nThis issue affects Junos OS on MX Series with SPC3 and SRX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S5,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2,\n  *  25.4 versions before 25.4R1-S2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["SRX Series","MX Series with SPC3"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S5","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"},{"version":"25.4","lessThan":"25.4R1-S2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:33:00.224298Z","id":"CVE-2026-57026","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-1286"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110086","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57027","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:08.093","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).When sFlow is configured in a Virtual Chassis (VC) scenario with EX4100 Series or EX4400 Series devices, multicast traffic which is received on one VC member and sent out on another member leads to a memory leak and ultimately an FPC crash and restart.\n\nThe leak can be monitored by watching the continuous increase of the buffer values in the output of:\n\nuser@host> show chassis fpc \nThis issue affects Junos OS on EX4100 Series and EX4400:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["EX4100 Series","EX4400 Series"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S7","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:33:27.417390Z","id":"CVE-2026-57027","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110087","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57028","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:08.257","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion.\n\n\nDue to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management.\n\nThis issue affects all Junos OS Evolved versions before 23.2R2-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"23.2R2-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:37:11.630273Z","id":"CVE-2026-57028","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-923"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110088","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57029","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:08.453","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service (DoS).\n\n\nWhen the reachability of an sFlow collector changes, the corresponding next-hop entry is updated. If this update occurs simultaneously with the sFlow thread accessing the next-hop data (which is outside the attackers control), it causes the evo-pfemand process to crash, impacting all traffic forwarding until the automatic process restart has completed.\n\n\n\n\nThis issue affects Junos OS Evolved on QFX Series:\n\n\n  *  all 23.2 versions, \n  *  23.4 versions before 23.4R2-S7-EVO,\n  *  24.2 versions before 24.2R2-S5-EVO,\n  *  24.4 versions before 24.4R2-S3-EVO,\n  *  25.2 versions before 25.2R2-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","platforms":["QFX Series"],"versions":[{"version":"0","lessThan":"23.4R2-S7-EVO","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S5-EVO","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S3-EVO","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2-EVO","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:44:51.065414Z","id":"CVE-2026-57029","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-820"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110089","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57030","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:08.643","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nAs part of the stateful traffic processing on SRX Series devices flows are being established, and removed when not needed anymore. During the removal process the timeout of a flow should be set to 3 seconds and consequentially the flow should be removed shortly after. Due to a race condition occurring when setting the timeout there is a chance (the exact conditions are outside the attackers control) that the timeout is instead set to a very high value of larger than 10,000 seconds:\n\n\n\nuser@host> show security flow session | match timeout\nSession ID: 98784248524, Policy name: PROD-FLOW/4, HA State: Active, Timeout: 85250, Session State: Valid\n\nThis will lead to an accumulation of flows which can be observed by an ever-increasing value of invalidated sessions in the output of 'show security flow session summary':\n\nuser@host> show security flow session summary | match invalid\nInvalidated sessions: 216931These sessions can't be cleared manually with the 'clear security flow session' command, which will either lead to forwarding to stop (and the system needs to be manually recovered with a reboot) or to a flowd core and automatic reboot.\n\n\nThis issue affects Junos OS on SRX Series:\n\n\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S1, 24.4R2-S2,\n  *  25.2 versions before 25.2R1-S2, 25.2R2.\n\n\n\n\nThis issue does not affect releases earlier than 24.2R1;"}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["SRX Series"],"versions":[{"version":"24.2","lessThan":"24.2R2-S3","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S1","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R1-S2","versionType":"custom","status":"affected"},{"version":"0","lessThan":"24.2R1","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:42:22.610309Z","id":"CVE-2026-57030","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110090","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57031","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:08.827","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters.\n\nOn MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect. \n\n\nThis issue affects Junos OS on MX with MPC10/11, LC4800/9600/4802, and MX304:\n\n\n  *  23.2 versions from 23.2R2-S1 before 23.2R2-S7,\n  *  23.4 versions from 23.4R2 before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","modules":["MPC10","MPC11","LC4800","LC9600","MX304-LMIC16"],"platforms":["MX Series"],"versions":[{"version":"23.2R2-S1","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4R2","lessThan":"23.4R2-S7","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S3","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S2","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:35:02.980850Z","id":"CVE-2026-57031","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110091","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57032","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:09.007","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS).\n\nIf an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted. \n\nThe following log message can be seen when this issue happens:\n\nagentd[<PID>]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for <sensor>\n\n\nThis issue affects Junos OS on \n\nEX2300, EX3400, EX4000, EX4100 and EX4400\n\ndevices:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before  24.2R2-S5,\n  *  24.4 versions before 24.4R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["EX3400","EX4100","EX4400","EX2300","EX4000"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S5","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:34:41.285297Z","id":"CVE-2026-57032","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-236"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110092","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-57054","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:09.180","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable.\n\n\n\nIf an MX Series device is configured with web filtering, and an attacker sends a request with a specifically formatted URL, this request will get forwarded despite the system being configured to block it. In turn, an attacker can access downstream resources that are expected to be unreachable.\n\nThis issue affects Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S5,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2-S1,\n  *  25.4 versions before 25.4R1-S2, 25.4R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["MX Series"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S5","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S4","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2-S1","versionType":"custom","status":"affected"},{"version":"25.4","lessThan":"25.4R1-S2, 25.4R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:33:58.330913Z","id":"CVE-2026-57054","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-706"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110093","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-58123","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T22:17:09.517","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitrary commands through the terminal input endpoint to achieve full command execution as the server process user via four sequential unauthenticated HTTP requests."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nesquena","product":"hermes-webui","defaultStatus":"affected","repo":"https://github.com/nesquena/hermes-webui","versions":[{"version":"0","lessThan":"0.51.788","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:44:09.803153Z","id":"CVE-2026-58123","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/nesquena/hermes-webui/commit/d257e5f36cfa9328600c8bde6f0de09a6ad9b6f4","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/5268","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.51.788","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hermes-webui-unauthenticated-rce-via-terminal-api","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-58143","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T22:17:09.663","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes the application's CSRF validation function. Attackers can disable the PFS module's file extension whitelist by setting pfsfilecheck to 0, enabling any user with PFS access to upload and execute arbitrary PHP files on the server."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cotonti","product":"Cotonti","defaultStatus":"affected","repo":"https://github.com/Cotonti/Cotonti","versions":[{"version":"0","lessThanOrEqual":"0.9.26","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:40:45.545297Z","id":"CVE-2026-58143","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://gist.github.com/sermikr0/75686815e441c07462cfdea2fed5d305","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cotonti-siena-csrf-via-admin-php-config-update-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-58144","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T22:17:09.817","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a folder with a crafted title containing script tags that are stored unescaped in the database and execute in the browser of any user who views the folder listing, including administrators."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cotonti","product":"Cotonti","defaultStatus":"affected","repo":"https://github.com/Cotonti/Cotonti","versions":[{"version":"0","lessThanOrEqual":"0.9.26","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:40:26.781834Z","id":"CVE-2026-58144","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://gist.github.com/sermikr0/75686815e441c07462cfdea2fed5d305","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59828","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:09.973","lastModified":"2026-07-10T15:52:29.883","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"discourse","product":"discourse","versions":[{"version":">= 2026.1.0-latest, < 2026.1.5","status":"affected"},{"version":">= 2026.4.0-latest, < 2026.4.2","status":"affected"},{"version":">= 2026.5.0-latest, < 2026.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:17:36.503953Z","id":"CVE-2026-59828","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/1f26c1163ce87a2abbd1d01780ab1b5fb16e75f6","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/8b773332b0f937dfcd894ed56d56fc5a81578d9d","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/8d36da1b68c906592abde3f2e94d505cdf097435","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/commit/d58988d46bb1019bfa8b8330ae81a1a134e08511","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.1.5","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.4.2","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/releases/tag/v2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-q456-4f8q-42vx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59832","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.627","lastModified":"2026-07-10T16:16:38.187","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticated request such as /snippets/%2e%2e/%2e%2e/conf/conf.json to read workspace secrets and the document database. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:41:47.607410Z","id":"CVE-2026-59832","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/68cc0f537dfa4502496dfa794e71835421c25c09","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-275h-v5h9-vr82","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59833","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.773","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored cross-site scripting in document export-preview and Bazaar package README render paths that can execute OS commands in the Electron desktop renderer. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:15:26.840084Z","id":"CVE-2026-59833","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/ebe252e61fb93f258d083b9da0fa403679fdf94a","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59834","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.900","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNION SELECT and return rows from hidden documents by projecting an allowed visible box and path. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:33:00.538761Z","id":"CVE-2026-59834","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/57bcad4b331836880bfe6be25d4180bdcf10db0d","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/commit/d0f0fe146fb07d594fcadc4f48d4f7c30ac01d1e","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-h89q-4j2h-7h88","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-h89q-4j2h-7h88","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59853","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:06.030","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private document paths, notebook, document, and block IDs, and search and replace keywords for unpublished documents. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:47:32.142690Z","id":"CVE-2026-59853","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/0049d0f04ffe9837760d29248b9ef31605077d36","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-px3c-cf92-9g83","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-px3c-cf92-9g83","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59855","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:06.293","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an event handler, and execute JavaScript that can run OS commands in the Electron renderer. This issue is fixed in versions 3.7.1-alpha.2 and 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/efbe3a557720034782643e55c9e0282530cb6bbb","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w3gq-5j72-36vc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-12595","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T00:16:32.120","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, which accepts the email field returned by Discord's /users/@me endpoint without ever checking that the profile's verified flag is true, then directly maps that email to a local WordPress account via get_user_by('email', $profile['email']) and issues an authenticated session cookie via wp_set_auth_cookie(). This makes it possible for unauthenticated attackers to take over any existing WordPress account — including administrator accounts — by registering a Discord account configured with an unverified email address that matches the target user's registered WordPress email and completing the standard Discord OAuth flow."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"LoginPress","product":"LoginPress Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:13:03.515325Z","id":"CVE-2026-12595","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://loginpress.pro/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5949980f-2506-49be-9105-40ec2d2a4f77?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12597","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T00:16:32.603","lastModified":"2026-07-10T16:16:25.080","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) of the array returned by GitHub's /user/emails endpoint as an account-binding identifier without verifying that the email carries a verified === true status. This makes it possible for unauthenticated attackers to log in as any existing WordPress user, including administrators, by adding an unverified email address matching a local account to their GitHub profile and triggering the OAuth callback via a crafted code parameter — causing the plugin to call get_user_by('email', ...) and establish an authenticated session for the matched account. Practical exploitation is conditional on GitHub returning the attacker-added unverified email at index 0 of the /user/emails response, as GitHub typically prioritizes the primary verified address first; nonetheless, the absence of any email verification check in the plugin constitutes a fundamental authentication bypass flaw."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"LoginPress","product":"LoginPress Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:27:36.481702Z","id":"CVE-2026-12597","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://loginpress.pro/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f3ee9f6-6465-4caf-9aef-72dd37c61a2c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15311","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T00:16:32.853","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"NousResearch","product":"hermes-agent","cpes":["cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"],"modules":["Matrix Adapter"],"versions":[{"version":"2026.5.29.0","status":"affected"},{"version":"2026.5.29.1","status":"affected"},{"version":"2026.5.29.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:12:35.059940Z","id":"CVE-2026-15311","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/NousResearch/hermes-agent/","source":"cna@vuldb.com"},{"url":"https://github.com/NousResearch/hermes-agent/issues/42667","source":"cna@vuldb.com"},{"url":"https://github.com/NousResearch/hermes-agent/pull/42759","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15311","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852843","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377247","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377247/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15317","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T00:16:33.027","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically due to inactivity."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Sipeed","product":"PicoClaw","cpes":["cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:*"],"modules":["Guarded Web Fetch Flow"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"0.2.2","status":"affected"},{"version":"0.2.3","status":"affected"},{"version":"0.2.4","status":"affected"},{"version":"0.2.5","status":"affected"},{"version":"0.2.6","status":"affected"},{"version":"0.2.7","status":"affected"},{"version":"0.2.8","status":"affected"},{"version":"0.2.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/sipeed/picoclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/issues/3078","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15317","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852877","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377257","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377257/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-50181","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.340","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the intended working-directory boundary for file operations. However, the tools only change the process working directory to `curr_dir` and then operate on the user-supplied `file_path` without resolving and enforcing that the final path remains inside `curr_dir`. As a result, a tool caller can supply path traversal sequences such as `../secret.txt` to read files outside the configured current directory, or `../written_by_tool.txt` to write files outside that directory. This can impact applications that expose Langroid file tools to an LLM agent, user-controlled tool call, or delegated coding/documentation agent while relying on `curr_dir` to restrict file access to a project/workspace directory. Version 0.64.0 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.64.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/langroid/langroid/commit/56e2756ecab70a70a7e6edbee2f2187b8484683e","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-fg23-3346-88f5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54760","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.477","lastModified":"2026-07-10T16:16:33.063","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) with a `sqlglot` SELECT-only statement allowlist. The blocklist entries that target callable functions require the function name to be immediately followed by `\\s*\\(`. PostgreSQL accepts the same call with the name separated from `(` by a quoted identifier, an inline comment, or schema qualification. These forms evade the regex, still parse as `SELECT`, and execute the same PostgreSQL function. This restores the `pg_read_file` server-side file-read primitive that the prior CVE-2026-25879 / GHSA-pmch-g965-grmr fix was meant to block: the parent advisory fixed a missing `pg_read_file` blocklist entry, while this report shows that the added regex is bypassable. Version 0.65.1 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:27:08.297594Z","id":"CVE-2026-54760","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-6xc5-4r68-67fc","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-6xc5-4r68-67fc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54769","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.603","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. When these agents evaluate LLM-generated tool messages with `full_eval=True`, they attempt to sandbox the execution by explicitly setting `locals` to an empty dictionary `{}` inside Python's `eval()` function. However, this relies on an incomplete understanding of Python's execution model. Because `__builtins__` is not explicitly scrubbed from the `globals` dictionary mapping, Python implicitly injects all built-ins during execution, granting full access to functions like `__import__('os').system()`. Since `TableChatAgent.pandas_eval()` executes external LLM outputs natively, this bypass permits any attacker providing prompt payload to achieve unauthenticated RCE on the host system. Version 0.65.2 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:12:03.554156Z","id":"CVE-2026-54769","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-q9p7-wqxg-mrhc","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-q9p7-wqxg-mrhc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54771","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.737","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`. Version 0.65.3 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:19:42.631163Z","id":"CVE-2026-54771","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-75"}]}],"references":[{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-gjgq-w2m6-wr5q","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-gjgq-w2m6-wr5q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55615","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.867","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection (direct user input or indirect content the agent reads back via RAG), so an attacker who can influence the prompt can read or destroy all graph data and, when APOC or dbms.security procedures are enabled on the server, achieve OS-command and filesystem access. This is the same defect class and threat model as the SQLChatAgent prompt-to-SQL-to-RCE issue fixed in version 0.63.0 (CVE-2026-25879); that fix did not extend to the neo4j module. Version 0.65.5 contains a fix for the neo4j module."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:42:55.346221Z","id":"CVE-2026-55615","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/langroid/langroid/commit/5a3097d9dd6378b08ced5480b0caf76cc58d00fa","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-2pq5-3q89-j7cc","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-2pq5-3q89-j7cc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15319","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T03:16:20.433","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access_control.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 3126. A patch should be applied to remediate this issue."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Sipeed","product":"PicoClaw","cpes":["cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:*"],"modules":["Launcher"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"0.2.2","status":"affected"},{"version":"0.2.3","status":"affected"},{"version":"0.2.4","status":"affected"},{"version":"0.2.5","status":"affected"},{"version":"0.2.6","status":"affected"},{"version":"0.2.7","status":"affected"},{"version":"0.2.8","status":"affected"},{"version":"0.2.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:24:08.322070Z","id":"CVE-2026-15319","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/sipeed/picoclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/issues/3069","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/pull/3126","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15319","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852884","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377259","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377259/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15320","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T03:16:20.723","lastModified":"2026-07-10T16:16:26.120","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. The reported GitHub issue was closed automatically due to inactivity."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Sipeed","product":"PicoClaw","cpes":["cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:*"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"0.2.2","status":"affected"},{"version":"0.2.3","status":"affected"},{"version":"0.2.4","status":"affected"},{"version":"0.2.5","status":"affected"},{"version":"0.2.6","status":"affected"},{"version":"0.2.7","status":"affected"},{"version":"0.2.8","status":"affected"},{"version":"0.2.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:26:21.767167Z","id":"CVE-2026-15320","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/sipeed/picoclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/issues/3071","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15320","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852942","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377260","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377260/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-11392","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:35.223","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check_in_date' and 'check_out_date' parameters in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"thimpress","product":"WP Hotel Booking","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/includes/class-wphb-helpers.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/includes/elementor/widgets/archive-room/list-results-room.php#L214","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/includes/wphb-functions.php#L748","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/templates/search/loop.php#L92","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.1/templates/search/v2/loop-v2.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/includes/elementor/widgets/archive-room/list-results-room.php#L215","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/templates/search/loop.php#L92","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-hotel-booking/tags/2.3.2/templates/search/v2/loop-v2.php#L39","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b56ca04-c6eb-401f-aa8a-b933c0527e51?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11818","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:47.277","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to list, create, update, delete, clone, and bulk-delete notification flow workflows that are intended to be managed only by administrators. The only protection on these endpoints is a wp_rest nonce check, which is obtainable by any logged-in user from the frontend page source."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"arraytics","product":"WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.0.14","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:24:51.466836Z","id":"CVE-2026-11818","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L110","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L121","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L74","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L82","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.15/core/email-automation/Service/email-notification.php#L119","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.15/core/email-automation/Service/email-notification.php#L78","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.15/core/email-automation/Service/email-notification.php#L88","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cf2d3bd-359c-4334-ad28-b6b9722edd1c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14894","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:47.587","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing file type validation and the absence of any capability check on the submit_form nopriv AJAX handler, whose only barrier is a session nonce freely obtainable by unauthenticated visitors via a separate nopriv endpoint. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible. The nonce requirement is trivially bypassed because the super_create_nonce nopriv AJAX action allows any unauthenticated visitor to mint a valid sf_nonce and session cookie in a single prior request, reducing exploitation to two unauthenticated HTTP requests."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"WebRehab","product":"Super Forms – Drag & Drop Form Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.3.313","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:07:33.536107Z","id":"CVE-2026-14894","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/RensTillmann/super-forms/commit/c5838f5877c72b738c54ed970935c77ae6830c3a","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c7fb16-efbb-41e9-be13-98e96c1e9100?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15070","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:47.727","lastModified":"2026-07-10T16:16:25.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into the web-accessible translate-constants.php file within the plugin directory, enabling remote code execution on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. sanitize_text_field() is applied to the POST 'value' parameter but does not neutralize the characters — single quotes, parentheses, semicolons, $, and [] — required to break out of the PHP string literal into which the value is interpolated before being written to disk via file_put_contents()."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wordpresschef","product":"Salon Booking System – Free Version","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"10.30.32","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:24:32.111847Z","id":"CVE-2026-15070","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Action/Ajax/SetCustomText.php#L17","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Action/Init.php#L628","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Plugin.php#L407","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Settings.php#L335","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3600791%40salon-booking-system&new=3600791%40salon-booking-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/301ad19a-f99c-45c8-83a7-d74e1a260556?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15326","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T04:17:48.090","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project closed the issue as \"duplicate\" but did not reference any other issue, report, or CVE."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"halo-dev","product":"halo","cpes":["cpe:2.3:a:halo:halo:*:*:*:*:*:*:*:*"],"modules":["Theme Installation"],"versions":[{"version":"2.24.0","status":"affected"},{"version":"2.24.1","status":"affected"},{"version":"2.24.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":2.5}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:P","baseScore":4.7,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:21.876523Z","id":"CVE-2026-15326","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/halo-dev/halo/","source":"cna@vuldb.com"},{"url":"https://github.com/halo-dev/halo/issues/10062","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15326","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853064","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377265","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377265/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15329","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T04:17:50.590","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function BrowserTool._do_navigate of the file agent/tools/browser/browser_tool.py of the component Browser Tool. Performing a manipulation results in information disclosure. The attack can be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhayujie","product":"CowAgent","cpes":["cpe:2.3:a:zhayujie:cowagent:*:*:*:*:*:*:*:*"],"modules":["Browser Tool"],"versions":[{"version":"2.0","status":"affected"},{"version":"2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/zhayujie/CowAgent/","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2871","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2871#issuecomment-4922534422","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15329","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853098","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377272","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377272/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-44918","sourceIdentifier":"cve@mitre.org","published":"2026-07-10T04:17:51.530","lastModified":"2026-07-10T18:50:20.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","versions":[{"version":"27.0.0","lessThan":"29.0.6","versionType":"semver","status":"affected"},{"version":"30.0.0","lessThan":"32.0.2","versionType":"semver","status":"affected"},{"version":"33.0.0","lessThan":"35.0.2","versionType":"semver","status":"affected"},{"version":"36.0.0","lessThan":"37.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:31:03.401667Z","id":"CVE-2026-44918","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2150450","source":"cve@mitre.org"},{"url":"https://lists.openstack.org/archives/list/openstack-announce@lists.openstack.org/thread/PAJKDWS23MKSSNX22JEVDA7RWN3BHJYC/","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-026.html","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2026/07/08/4","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-54423","sourceIdentifier":"cve@mitre.org","published":"2026-07-10T04:17:52.230","lastModified":"2026-07-10T18:51:16.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","modules":["ipmi"],"versions":[{"version":"22.1.0","lessThan":"29.0.6","versionType":"semver","status":"affected"},{"version":"30.0.0","lessThan":"32.0.2","versionType":"semver","status":"affected"},{"version":"32.0.0","lessThan":"35.0.2","versionType":"semver","status":"affected"},{"version":"36.0.0","lessThan":"37.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":5.3}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:25:51.179224Z","id":"CVE-2026-54423","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-424"}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2150458","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-025.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/3","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-15282","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:30.820","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insapp_upload_image_as_attachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tenteeglobal","product":"Instant Appointment","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/instant-appointment/trunk/includes/ajax/ajax_services.php#L3","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/instant-appointment/trunk/includes/front-end/ajax/login_ajax.php#L584","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/instant-appointment/trunk/includes/front-end/ajax/login_ajax.php#L598","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/097b1530-64fa-45b2-85f3-c6a2311405b5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15283","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:30.943","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpvividplugins","product":"WPvivid Backup for MainWP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"0.9.33","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:17:25.793505Z","id":"CVE-2026-15283","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047890%40wpvivid-backup-mainwp&new=3047890%40wpvivid-backup-mainwp&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2083fdf7-e251-4162-b38f-8dab4395a8a7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15285","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:31.210","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+) Stored Cross-Site Scripting via the Button widget's `custom_attributes` setting in versions up to and including 6.4.11. The `render` function in `modules/widgets/tp_button.php` passed the raw `custom_attributes` string through `tp_senitize_js_input()`. This filter is bypassable. The issue is patched in version 6.4.12."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"posimyththemes","product":"The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.4.11","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:02:26.830122Z","id":"CVE-2026-15285","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.10/modules/helper-function.php#L65","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.10/modules/widgets/tp_button.php#L1549","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.11/modules/widgets/tp_button.php#L1881","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.12/modules/widgets/tp_button.php#L1680","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3c3217f9-67e5-488d-b80a-49a61678fb98?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15286","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:31.343","lastModified":"2026-07-10T16:16:25.810","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'get_items_permission_check' function permission callback of the 'process_pattern' REST API endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to create and immediately publish posts of any type (including pages), bypassing the standard WordPress review workflow where contributors must submit posts for administrator approval."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"stellarwp","product":"Kadence Blocks — Page Builder Toolkit for Gutenberg Editor","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.5.32","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:24:02.535489Z","id":"CVE-2026-15286","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kadence-blocks/trunk/includes/class-kadence-blocks-prebuilt-library-rest-api.php#L590","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kadence-blocks/trunk/includes/class-kadence-blocks-prebuilt-library-rest-api.php#L925","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3445125/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6e739eb4-6b8b-4bc7-a1e6-790180668c93?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15288","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:31.923","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'create_payment_intent' and 'create_subscription_intent' functions without validating it against the form's configured price. This makes it possible for unauthenticated attackers to modify the payment amount to any arbitrary value when submitting a Stripe payment form, potentially purchasing products or services at significantly reduced prices."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"brainstormforce","product":"SureForms – Drag & Drop Contact Form & Form Builder, Payment Form, Survey, Quiz & Calculator","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3427656/sureforms/tags/2.2.2/inc/payments/front-end.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3427656/sureforms/tags/2.2.2/inc/payments/payment-helper.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0e0f22-de42-4da9-a0c1-ae41ba57be03?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15289","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.133","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevart_id’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. In order to exploit the vulnerability, the Pro version of the plugin must be installed and activated, with the 'Delete previous dates' option checked."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdevart","product":"Booking calendar, Appointment Booking System","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.17","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:27:42.536496Z","id":"CVE-2026-15289","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/booking-calendar/trunk/includes/main_class.php#L64","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-calendar/trunk/includes/main_class.php#L90","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-calendar/trunk/includes/main_class.php#L91","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c052622-ac99-4069-b7df-41aea303ed9d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15290","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.287","lastModified":"2026-07-10T17:16:53.920","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This vulnerability was partially patched in version 2.9.2 when initially addressing CVE-2025-0308."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ultimatemember","product":"Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.10.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:53:43.001848Z","id":"CVE-2026-15290","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.1/includes/core/class-member-directory.php#L1710","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.1/includes/core/class-member-directory.php#L1866","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3222364/ultimate-member/trunk/includes/core/class-member-directory.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3265901/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8f539e25-5483-417d-a3c5-e7034c03c673?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15291","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.430","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/{id}. This is due to the plugin not performing any authentication and authorization checks. This makes it possible for unauthenticated attackers to extract sensitive data including customer names, email addresses, phone numbers, WhatsApp messages, complete geolocation data (IP addresses, city, country, ISP, coordinates), device fingerprinting information (browser, OS, screen resolution), and WordPress account credentials (user IDs, usernames, emails, names) for logged-in users who submit forms."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themeatelier","product":"ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:16:31.518029Z","id":"CVE-2026-15291","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L149","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L157","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L207","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L234","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394141%40chat-help%2Ftrunk&old=3390862%40chat-help%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/91654765-6631-4eb4-9971-32b7db7933e1?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15292","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.563","lastModified":"2026-07-10T16:16:25.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tibouille","product":"Sudoku Shortcode","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:20:34.566902Z","id":"CVE-2026-15292","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/tags/1.0.0/sudoku-shortcode.php#L63","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/tags/1.0.0/sudoku-shortcode.php#L73","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/trunk/sudoku-shortcode.php#L63","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/trunk/sudoku-shortcode.php#L73","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/99e4b38c-f81d-4578-a623-ea62495e934d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15296","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.837","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkp_product' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is a bypass to CVE-2024-10227."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"cservit","product":"affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.7.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/affiliate-toolkit-starter/trunk/includes/atkp_output.php#L299","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3227483/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b5e64a33-6165-4257-b324-0bbab4129e54?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15297","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.977","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"neeraj_slit","product":"Brevo – Email, SMS, Web Push, Chat, and more.","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.77","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:28:38.782012Z","id":"CVE-2026-15297","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/mailin/trunk/inc/table-forms.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3055756%40mailin%2Ftrunk&old=3032712%40mailin%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf4cb79e-e62b-4991-8ee5-493dafe38b80?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15298","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.117","lastModified":"2026-07-10T17:16:54.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for unauthenticated attackers to inject malicious scripts via Telegram chat titles that execute when an administrator opens the TelSender settings page and clicks the \"Tested\" button."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"pechenki","product":"TelSender – Сontact form 7, Events, Wpforms, ninja forms  and woocommerce to telegram bot","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.14.14","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:51:53.582933Z","id":"CVE-2026-15298","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/telsender/tags/1.14.14/js/ajax.js#L119","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/tags/1.14.14/js/ajax.js#L139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/tags/1.14.14/template/view.php#L111","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/trunk/js/ajax.js#L119","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/trunk/js/ajax.js#L139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/trunk/template/view.php#L111","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3449367%40telsender&new=3449367%40telsender&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cb02878a-2c85-4dcb-bdc0-e65addf9fb9c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15299","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.257","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weather_style' and 'move_direction' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render() function at widgets/weather.php:1246, where both settings values are placed into an HTML class attribute without esc_attr(). Elementor does not server-side validate widget SELECT control values against allowed options on save, so an authenticated attacker with Contributor-level access or above can submit a crafted save_builder AJAX request storing arbitrary values in the _elementor_data post meta. The stored payload renders unescaped on every frontend visit to the affected page (the Weather widget requires an OpenWeatherMap API key to reach the vulnerable output, which is the normal operational state for sites using this widget)."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wealcoder","product":"Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.6.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:16:06.336538Z","id":"CVE-2026-15299","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/animation-addons-for-elementor/tags/2.6.3/widgets/weather.php#L1246","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/animation-addons-for-elementor/tags/2.6.4/widgets/weather.php#L1246","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/animation-addons-for-elementor/tags/2.6.3&new_path=/animation-addons-for-elementor/tags/2.6.4","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e755c7-7d1e-45f7-9d0b-2df1ef0bdd02?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15300","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.393","lastModified":"2026-07-10T16:16:26.013","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing wp_magic_quotes, which does not cover $_SERVER), then passed through bare esc_sql() before being interpolated into unquoted numeric positions in the proximity-search query (HAVING/SELECT clause distance math, BETWEEN bounding-box pre-filter) built by gmw_locations_query() in plugins/posts-locator/includes/class-gmw-wp-query.php. Because esc_sql() only escapes string delimiters and these positions are numeric, payloads such as `1 OR SLEEP(3)` survived sanitization. Fixed in 4.5.5 by adding an upstream is_numeric() guard that short-circuits the WHERE clause to `AND 1 = 0` when either coordinate is non-numeric, and by replacing the three esc_sql() calls with (float) casts."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ninjew","product":"GEO my WP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:19:40.048972Z","id":"CVE-2026-15300","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L299","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L300","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L301","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.5/plugins/posts-locator/includes/class-gmw-wp-query.php#L286","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.5/plugins/posts-locator/includes/class-gmw-wp-query.php#L305","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecbc7f05-fc4f-4276-968e-04222a64e55a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15302","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.677","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files (e.g., CSS) to directories outside the 'wp-content/uploads/armember' directory."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"reputeinfosystems","product":"ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.0.27","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-36"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3062692/armember-membership/trunk/core/classes/class.arm_members_activity.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c8734f5-4d23-454d-bf00-6e9d36982098?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15331","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T05:16:34.010","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function _add_url/_add_package of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely. Upgrading to version 2.1.2 is sufficient to fix this issue. The identifier of the patch is e85290cddcbb5ffc9c235927f4c92e5b4c3ec264. It is advisable to upgrade the affected component."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhayujie","product":"CowAgent","cpes":["cpe:2.3:a:zhayujie:cowagent:*:*:*:*:*:*:*:*"],"modules":["Skill Installation Handler"],"versions":[{"version":"2.0","status":"affected"},{"version":"2.1.0","status":"affected"},{"version":"2.1.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:26:26.657365Z","id":"CVE-2026-15331","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/zhayujie/CowAgent/","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/commit/e85290cddcbb5ffc9c235927f4c92e5b4c3ec264","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2873","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/pull/2886","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/releases/tag/2.1.2","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15331","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853104","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377274","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377274/cti","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2873","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15332","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T05:16:34.200","lastModified":"2026-07-10T16:16:26.237","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhayujie","product":"CowAgent","cpes":["cpe:2.3:a:zhayujie:cowagent:*:*:*:*:*:*:*:*"],"modules":["Message Endpoint"],"versions":[{"version":"2.0","status":"affected"},{"version":"2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:17:49.153601Z","id":"CVE-2026-15332","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/zhayujie/CowAgent/","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2874","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15332","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853105","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377275","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377275/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-21039","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:34.387","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:17:16.688942Z","id":"CVE-2026-21039","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21040","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:34.530","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:30:43.400961Z","id":"CVE-2026-21040","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21041","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:34.663","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:31:20.275576Z","id":"CVE-2026-21041","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21044","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.063","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:32:56.008371Z","id":"CVE-2026-21044","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21045","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.177","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:34:24.683334Z","id":"CVE-2026-21045","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21048","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.410","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:05:41.399711Z","id":"CVE-2026-21048","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21050","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.650","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:15:47.362272Z","id":"CVE-2026-21050","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21051","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.760","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:45:03.619826Z","id":"CVE-2026-21051","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21053","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.987","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Email","defaultStatus":"affected","versions":[{"version":"6.2.13.1","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:40:42.601599Z","id":"CVE-2026-21053","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21054","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:36.100","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"InputSharing","defaultStatus":"affected","versions":[{"version":"2.7.01.4","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:39:52.231620Z","id":"CVE-2026-21054","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21056","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:36.330","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Health","defaultStatus":"affected","versions":[{"version":"7.00.0.107","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:15:06.389597Z","id":"CVE-2026-21056","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21057","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:36.453","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Pass","defaultStatus":"affected","versions":[{"version":"5.2.10.3","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:24:50.936899Z","id":"CVE-2026-21057","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-12123","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T07:16:27.430","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. A Subscriber-level attacker can plant an internal or loopback URL in the `mp4` post meta of a newly created `aiovg_videos` post via XML-RPC `wp.newPost`, then trigger the unauthenticated `?vdl=<post_id>` endpoint to force the server to fetch that URL and stream the full response body back to the requester."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"plugins360","product":"All-in-One Video Gallery","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.8.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:35:19.444626Z","id":"CVE-2026-12123","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/includes/roles.php#L70","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L681","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L724","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L758","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L904","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/includes/roles.php#L70","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L681","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L724","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L758","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L904","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3582575","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a3bb454c-ac0e-4915-8c6e-070596f7595a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12276","sourceIdentifier":"contact@wpscan.com","published":"2026-07-10T07:16:28.203","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"LA-Studio Element Kit for Elementor","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:34:56.293264Z","id":"CVE-2026-12276","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/0c77a001-2773-4727-a873-848f5670fb96/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12685","sourceIdentifier":"contact@wpscan.com","published":"2026-07-10T07:16:28.313","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"escortwp","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"3.6.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:04:36.399926Z","id":"CVE-2026-12685","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/0e5f5730-167d-4853-a764-bb9e3d62fdc4/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-13347","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T08:16:20.857","lastModified":"2026-07-10T17:16:53.720","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the he_wrapper_js and he_wrapper_css query parameters processed by the elementor_assets_filter() function. This is due to the function concatenating user-supplied input directly onto ABSPATH and passing the result to file_get_contents() without any path traversal validation, allow-list, realpath containment, or extension check; the result is then echoed in the HTTP response. Although the output is passed through wp_kses_post(), that function only filters HTML tags and does not prevent disclosure of arbitrary file contents. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the affected site's server (such as wp-config). Note: The exploit requires the Elementor plugin and the 'Hide Elementor' feature to be enabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"templatic1","product":"Hide My WP Lite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:51:40.903413Z","id":"CVE-2026-13347","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/hide-wp-login/tags/1.3/includes/functions.php#L117","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hide-wp-login/tags/1.3/includes/functions.php#L139","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e044c51c-40e0-4d33-8921-616d59e0e0d8?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-28564","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:21.897","lastModified":"2026-07-10T16:16:28.493","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB.\nREST Basic Authentication Accepts Stale Cached Credentials\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:02:34.412449Z","id":"CVE-2026-28564","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-294"},{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://lists.apache.org/thread/l38wpy7flvvfwv4rkps87l5z8gprnfy0","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40005","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.043","lastModified":"2026-07-10T16:16:29.703","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.\nAn attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:01:48.242010Z","id":"CVE-2026-40005","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://lists.apache.org/thread/zw2vkbmy5xkf5y8g237v81hrs4c6b5lq","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40006","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.163","lastModified":"2026-07-10T16:16:29.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB.\nWhen pipe_air_gap_receiver_enabled=true, the IoTDB AirGap pipe receiver\naccepts raw TCP connections on port 9780 with no authentication. The\nreadLength method reads an attacker-controlled 32-bit integer from the\nsocket and readData passes it directly to new byte[length] with no\nupper-bound check. An unauthenticated attacker can cause the JVM to attempt\nan allocation of up to 2,147,483,647 bytes per connection, exhausting heap\nmemory and crashing or severely degrading the DataNode process.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:59:12.142625Z","id":"CVE-2026-40006","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-770"},{"lang":"en","value":"CWE-789"}]}],"references":[{"url":"https://lists.apache.org/thread/rfpt7m9fvdrw37r3ow5omp2n914z6zqk","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/3","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40007","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.280","lastModified":"2026-07-10T16:16:30.140","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB.\nWhen pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's\nreadLength method calls itself recursively each time it recognises the\nE-language prefix in socket data, with no depth limit. An unauthenticated\nattacker can send a stream of repeated E-language prefixes that drives the\nrecursion arbitrarily deep, exhausting the receiver thread's JVM stack and\nraising StackOverflowError.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:07:37.243571Z","id":"CVE-2026-40007","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-674"}]}],"references":[{"url":"https://lists.apache.org/thread/tr23kh6kp8drrsv8ypv1mqm4v5kyy23m","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40008","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.397","lastModified":"2026-07-10T16:16:30.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB.\nThe pipe processor reads a fully\nqualified Java class name and\ninstantiates it using Class.forName().newInstance() without any\nvalidation or allowlisting.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:06:47.206817Z","id":"CVE-2026-40008","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-470"}]}],"references":[{"url":"https://lists.apache.org/thread/fm8cpvzbox2qqy99ztglm8wkk1nrg9ng","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40454","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.750","lastModified":"2026-07-10T16:16:30.770","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client.\nOut-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client\nprocess on malformed server data.\n\n\nThis issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB C++ client","defaultStatus":"unaffected","packageName":"client-cpp","versions":[{"version":"1.3.5","lessThan":"1.3.8","versionType":"semver","status":"affected"},{"version":"2.0.5","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:27:23.764896Z","id":"CVE-2026-40454","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://lists.apache.org/thread/9wml325g6bpovw0jf5ymtc3xl7fwlkrn","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/8","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2025-11977","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:51.153","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyforms_get_form_partial() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"happyforms","product":"Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.26.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:04:08.892744Z","id":"CVE-2025-11977","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://plugins.svn.wordpress.org/happyforms/trunk/core/classes/class-wp-customize-form-manager.php","source":"security@wordfence.com"},{"url":"https://plugins.svn.wordpress.org/happyforms/trunk/core/helpers/helper-form-templates.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3494912%40happyforms&new=3494912%40happyforms","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e31119ab-963d-48a4-9948-0a0dce761918?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11992","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.280","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level access and above, to cancel all upcoming appointments site-wide by marking every future appointment stored by the plugin as abandoned. The nonce required to authenticate the cancellation request is printed on the Appointments admin page, which is itself gated only by the edit_posts capability that Authors possess, making the nonce readily accessible to low-privileged users."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"easyappointments","product":"Easy Appointments","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.12.27","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:05:16.087727Z","id":"CVE-2026-11992","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/ajax.php#L180","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/ajax.php#L563","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/ajax.php#L619","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/templates/appointments.tpl.php#L302","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/ajax.php#L180","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/ajax.php#L563","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/ajax.php#L619","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/templates/appointments.tpl.php#L302","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eea33d0b-2547-4c51-8c4c-d178d6c8502d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12400","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.553","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via the update_form due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to modify the content, design, and settings of, as well as publish or revert, any form on the site — including forms owned by administrators — by supplying an arbitrary form ID in the REST URL."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"priyanshuchaudhary","product":"FlowForms – Conversational Form Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L48","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L493","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L562","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L603","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L654","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/flowforms/tags/1.1.1/includes/class-rest-api.php#L694","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3577870%40flowforms&new=3577870%40flowforms","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4e6133-f833-4da2-af4a-e7e7fcedfe3c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12924","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.820","lastModified":"2026-07-10T16:16:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etn_faq_content' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"arraytics","product":"Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.1.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:40:46.922796Z","id":"CVE-2026-12924","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/core/event/Api/EventController.php#L2027","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/core/event/Api/EventController.php#L801","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/templates/event/parts/event-details-parts.php#L359","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/templates/event/parts/styles/event-faq/style-1.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/templates/event/parts/styles/event-faq/style-2.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/utils/functions.php#L44","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3600977%40wp-event-solution&new=3600977%40wp-event-solution","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/343ed594-482a-4a27-9682-92bb643ee82a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12955","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.987","lastModified":"2026-07-10T17:16:53.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdpr_cookie_consent_ajax_save_schedule_scan() function (the wp_ajax_gcc_save_schedule_scan AJAX action) in versions up to, and including, 4.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's cookie scan schedule configuration stored in the gdpr_scan_schedule_data option, which is an administrative function intended to be limited to users with the manage_options capability."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wplegalpages","product":"Cookie Banner for GDPR / CCPA – WPLP Cookie Consent","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:50:19.589040Z","id":"CVE-2026-12955","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.5/admin/class-gdpr-cookie-consent-admin.php#L8132","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.5/admin/class-gdpr-cookie-consent-admin.php#L8139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.5/includes/class-gdpr-cookie-consent.php#L251","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3601475/gdpr-cookie-consent/tags/4.3.7/admin/class-gdpr-cookie-consent-admin.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddee10e0-093c-47a3-8aa9-946d6d21e1b2?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14475","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.127","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wplegalpages","product":"Cookie Banner for GDPR / CCPA – WPLP Cookie Consent","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:11:39.023792Z","id":"CVE-2026-14475","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/class-wpl-cookie-consent-cookie-scanner.php#L1036","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/class-wpl-cookie-consent-cookie-scanner.php#L994","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/classes/class-wpl-cookie-consent-cookie-scanner-ajax.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/classes/class-wpl-cookie-consent-cookie-scanner-ajax.php#L823","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/classes/class-wpl-cookie-consent-cookie-scanner-ajax.php#L847","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601475%40gdpr-cookie-consent&new=3601475%40gdpr-cookie-consent","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/376741ee-9b6b-4822-8bad-548e212cd563?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15026","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.277","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the email_template_selected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the post_title and raw post_content of arbitrary posts regardless of status (draft, private, future, trash, password-protected) or post type (including non-public CPTs such as WooCommerce orders and internal CRM records) by enumerating post IDs. The required codection-security nonce is exposed as inline JavaScript on any wp-admin page when ?post_type=acui_email_template is appended to the URL, which is reachable by any authenticated user including Subscribers."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"carazo","product":"Import and export users and customers","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:48.392392Z","id":"CVE-2026-15026","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.10/classes/email-options.php#L357","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.10/classes/email-templates.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.10/classes/email-templates.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.3.9/classes/email-options.php#L357","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.3.9/classes/email-templates.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.3.9/classes/email-templates.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601455%40import-users-from-csv-with-meta&new=3601455%40import-users-from-csv-with-meta","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/85b61e0f-3bb2-4688-b513-14f4d2da6c30?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-1946","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.540","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebu_gravitywrite_disconnect_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the plugin from GravityWrite via the 'gwaiwebu_gravitywrite_disconnect' AJAX action."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"nandhiniwp","product":"GW AI Website Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/tags/1.0.1/API/api-functions.php#L4069","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/tags/1.0.1/API/api-functions.php#L4253","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/trunk/API/api-functions.php#L4069","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gw-ai-website-builder/trunk/API/api-functions.php#L4253","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3481065%40gw-ai-website-builder&new=3481065%40gw-ai-website-builder","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/49405ba1-b0fd-429b-a30a-95c8d3f26545?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3907","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.677","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode attribute (used as button text) is passed to the `$text` variable without sanitization at line 79 and then output directly into an HTML `value` attribute at line 91 without `esc_attr()` or any other escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"prasunsen","product":"Hostel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:38:57.759016Z","id":"CVE-2026-3907","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/shortcodes.php#L79","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/shortcodes.php#L91","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/models/hostel.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/shortcodes.php#L79","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/shortcodes.php#L91","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/models/hostel.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3480942%40hostel&new=3480942%40hostel","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/30339c0d-6632-4073-b4d5-3bb4a5b8a58d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6440","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.820","lastModified":"2026-07-10T17:17:03.997","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the reset_credential() function, which handles the wp_ajax_goodmeet_reset_google_meet_credential AJAX action. While the function does verify the user's capability (manage_options), it does not validate a nonce, making it susceptible to CSRF attacks. This makes it possible for unauthenticated attackers to trick a site administrator into clicking a malicious link that will reset (delete) the plugin's stored Google Meet API credentials (goodmeet_google_credentials) and OAuth tokens (goodmeet_google_token), effectively disabling the Google Meet integration on the site."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"sovlix","product":"GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:50:29.603286Z","id":"CVE-2026-6440","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/tags/1.1.6/includes/Goodmeet_Ajax.php#L140","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/tags/1.1.6/includes/Goodmeet_Ajax.php#L38","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/tags/1.1.6/includes/Googlemeet/Goodmeet_Meet.php#L544","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/trunk/includes/Goodmeet_Ajax.php#L140","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/trunk/includes/Goodmeet_Ajax.php#L38","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/trunk/includes/Googlemeet/Goodmeet_Meet.php#L544","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3525854%40goodmeet&new=3525854%40goodmeet","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dc9e818d-811e-4732-9c74-8eb6753a1706?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6802","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.973","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdc_custom_init() function, which processes the 'eufdc-delete' parameter without any nonce verification, capability check, or attachment ownership validation. This makes it possible for unauthenticated attackers to permanently delete arbitrary media library attachments from the WordPress site."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"fahadmahmood","product":"Easy Upload Files During Checkout","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:04:21.751000Z","id":"CVE-2026-6802","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/tags/3.0.1/inc/functions.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/tags/3.0.1/inc/functions.php#L561","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/tags/3.0.1/inc/functions.php#L587","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/trunk/inc/functions.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/trunk/inc/functions.php#L561","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/trunk/inc/functions.php#L587","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3522887%40easy-upload-files-during-checkout&new=3522887%40easy-upload-files-during-checkout","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5727bc4e-ee92-4913-bc8f-3d002488b383?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9838","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:54.110","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The vulnerability is reachable via the unauthenticated wp_ajax_nopriv_r34ics_ajax AJAX action, which accepts attacker-controlled js_args values merged over stored shortcode configuration without nonce verification, allowing the htmltagtitle key to bypass the normal shortcode allowlist check."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"room34","product":"ICS Calendar","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"12.0.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:26.409711Z","id":"CVE-2026-9838","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/r34ics-ajax.php#L33","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/r34ics-ajax.php#L53","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/r34ics-ajax.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/templates/calendar-month.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/r34ics-ajax.php#L33","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/r34ics-ajax.php#L53","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/r34ics-ajax.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/templates/calendar-month.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3563728%40ics-calendar&new=3563728%40ics-calendar","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4d91b01-5034-42b5-857f-c66c875dd562?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12918","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:22.893","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is a second-order SQL injection: the malicious payload is first stored unsanitized via a POST request to /mrm/v1/campaigns/ (bypassing filter_recipients() validation because an int-cast of a string like '1) OR ...' evaluates to a real numeric ID), and is then triggered by a subsequent GET request to /mrm/v1/campaigns/{id} that deserializes the recipients and passes the raw id string through array_column() into the vulnerable query."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"getwpfunnels","product":"Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.24.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/API/Controllers/Admin/CampaignController.php#L1088","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/API/Controllers/Admin/CampaignController.php#L304","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/Database/models/ContactGroupPivotModel.php#L130","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/MrmCommon.php#L1197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3592458%40mail-mint&new=3592458%40mail-mint","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf7c500e-311f-4db5-8a54-de7b02fb11dd?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13010","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:23.020","lastModified":"2026-07-10T16:16:25.467","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The shortcode can be embedded in posts or pages by Contributor-level users, making this exploitable by any authenticated user with at least that role."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"beardev","product":"JoomSport – for Sports: Team & League, Football, Hockey & more","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.7.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:42:30.613546Z","id":"CVE-2026-13010","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/tags/5.7.9/includes/joomsport-shortcodes.php#L299","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/tags/5.7.9/sportleague/base/wordpress/classes/class-jsport-getplayers.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3594276%40joomsport-sports-league-results-management&new=3594276%40joomsport-sports-league-results-management","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a3aa680f-4ce2-43b2-81fb-c664e398c868?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13247","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:23.137","lastModified":"2026-07-10T17:16:53.610","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgx_tooltip_position' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"logichunt","product":"Logo Slider WP – Responsive Logo Carousel, Logo Gallery & Logo Showcase","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:50:09.261103Z","id":"CVE-2026-13247","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/logo-slider-wp/trunk/admin/class-logo-slider-wp-admin.php#L996","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/logo-slider-wp/trunk/public/partials/template/view-default.php#L43","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/logo-slider-wp/trunk/public/partials/view-controller.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601263%40logo-slider-wp&new=3601263%40logo-slider-wp","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dd321fd7-1f3a-4d1c-b832-69423a35fad5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13710","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:23.270","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sg_body_description' parameter in versions up to, and including, 3.2.6. This is due to insufficient input sanitization and output escaping on the description attribute in the render_body() method of the Image_Box_View class — every other attribute used by the method is wrapped in esc_attr(), but the description value is concatenated directly into HTML body context. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"jegtheme","product":"Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:14:14.401741Z","id":"CVE-2026-13710","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.1.1/class/elements/views/class-image-box-view.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.1.1/class/elements/views/class-image-box-view.php#L58","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.1.1/class/elements/views/class-image-box-view.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.2.6/class/elements/views/class-image-box-view.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.2.6/class/elements/views/class-image-box-view.php#L58","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.2.6/class/elements/views/class-image-box-view.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3596439%40jeg-elementor-kit&new=3596439%40jeg-elementor-kit","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/be78b7d5-3f99-46de-b2b8-14254ee1ab71?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15378","sourceIdentifier":"secalert@redhat.com","published":"2026-07-10T10:16:23.553","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network endpoints. Additionally, it enables local file reads of critical data such as service account tokens and pod secrets."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-fms-guardrails-orchestrator-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15378","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498941","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-41876","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:23.687","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user.\n\nThis issue was fixed in version v3.19-2752 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2752","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:57:08.498105Z","id":"CVE-2026-41876","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41877","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:23.847","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users.\n\nThis issue was fixed in version v3.19-2832 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2832","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:56:33.511506Z","id":"CVE-2026-41877","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41878","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:23.957","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file.\n\nThis issue was fixed in version v3.19-2862 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2862","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:22:59.247904Z","id":"CVE-2026-41878","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41879","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:24.077","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file.\n\nThis issue was fixed in version v3.17-2000."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.17-2000","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:19:06.995124Z","id":"CVE-2026-41879","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-328"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41880","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:24.193","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding neutralizes the injection during the standard web upload flow. An authenticated attacker who is able to trigger the OCR functionality for the uploaded file can execute OS commands within the context of a root user.\n\nThis issue was fixed in version v3.19-2862 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2862","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:27:49.734940Z","id":"CVE-2026-41880","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-9857","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:24.310","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the plugin's API key stored in wp_options, modify invoice plugin settings, and alter WooCommerce tax rate data in the wp_woocommerce_tax_rates table."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"saskaita123","product":"Invoice123","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.7.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:03:44.668414Z","id":"CVE-2026-9857","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_ApiKey.php#L21","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_ApiKey.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_InvoiceSettings.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_InvoiceSettings.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_InvoiceSettings.php#L65","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_ApiKey.php#L21","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_ApiKey.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_InvoiceSettings.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_InvoiceSettings.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_InvoiceSettings.php#L65","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3594935%40saskaita123-lt&new=3594935%40saskaita123-lt","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d4e685a-0462-447f-a639-4f95d5aa27ab?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-58225","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-10T11:16:36.300","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection.\n\nPostgrex.Notifications sanitizes channel names with quote_channel/1, which doubles double quotes so the name is safe inside a double-quoted identifier. This protects the single-statement LISTEN and UNLISTEN paths. On every (re)connect, however, handle_connect/1 replays all registered channels at once by concatenating their LISTEN statements and wrapping them in a dollar-quoted anonymous code block (DO $$BEGIN ... END$$). quote_channel/1 does not escape the $$ dollar-quote delimiter that opens and closes this block.\n\nThe listen/3 guards only reject null bytes and names longer than 63 bytes, so a channel name containing $$ passes validation unchanged. Once such a name is embedded, its $$ prematurely terminates the outer dollar-quoted string and PostgreSQL parses the remainder as additional top-level statements. Because handle_connect/1 runs on every (re)connect, the malformed replay query is rejected each time and the notification connection never re-establishes its subscriptions, silently dropping notifications for every channel sharing that connection.\n\nAn application is affected when it passes untrusted input (for example a tenant or user identifier) as a channel name to Postgrex.Notifications.listen/3. The double-quote doubling prevents forming a fully valid injected statement, so arbitrary SQL execution is not possible, but the corrupted query reliably breaks the shared notification connection for all tenants, resulting in denial of service.\n\nThis issue affects postgrex: from 0.16.0 before 0.22.3."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"elixir-ecto","product":"postgrex","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"postgrex","cpes":["cpe:2.3:a:elixir-ecto:postgrex:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Postgrex.Notifications'"],"programFiles":["lib/postgrex/notifications.ex"],"programRoutines":[{"name":"'Elixir.Postgrex.Notifications':handle_connect/1"},{"name":"'Elixir.Postgrex.Notifications':listen/3"}],"repo":"https://github.com/elixir-ecto/postgrex","packageURL":"pkg:hex/postgrex","versions":[{"version":"0.16.0","lessThan":"0.22.3","versionType":"semver","status":"affected"}]},{"vendor":"elixir-ecto","product":"postgrex","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"elixir-ecto/postgrex","cpes":["cpe:2.3:a:elixir-ecto:postgrex:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Postgrex.Notifications'"],"programFiles":["lib/postgrex/notifications.ex"],"programRoutines":[{"name":"'Elixir.Postgrex.Notifications':handle_connect/1"},{"name":"'Elixir.Postgrex.Notifications':listen/3"}],"repo":"https://github.com/elixir-ecto/postgrex","packageURL":"pkg:github/elixir-ecto/postgrex","versions":[{"version":"266b530faf9bde094e31e0e4ab851f933fadc0f5","lessThan":"795c6062f62c4394272ff4b89170688857b4f841","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:47:10.671088Z","id":"CVE-2026-58225","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-58225.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-ecto/ecto/security/advisories/GHSA-4mw9-4qgj-m97w","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-ecto/postgrex/commit/795c6062f62c4394272ff4b89170688857b4f841","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-58225","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-ecto/ecto/security/advisories/GHSA-4mw9-4qgj-m97w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56688","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T12:17:23.453","lastModified":"2026-07-10T17:17:01.213","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and lateral movement into managed infrastructure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:49:45.463721Z","id":"CVE-2026-56688","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56689","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T12:17:23.577","lastModified":"2026-07-10T15:45:33.663","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T12:59:59.557962Z","id":"CVE-2026-56689","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56690","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T12:17:23.700","lastModified":"2026-07-10T15:45:33.663","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:14:21.210025Z","id":"CVE-2026-56690","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56814","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-10T12:17:24.837","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part body bytes; part header bytes are never counted, and a part with an empty body costs zero.\n\nBecause every part whose Content-Disposition carries a non-empty filename creates a fresh temporary file (via Plug.Upload) and retains a Plug.Upload struct for the duration of the request, an attacker can send a single request composed of many empty-body file parts. Such a request stays well under the configured :length limit (8,000,000 bytes by default) while creating one temporary file per part, leading to inode and disk exhaustion and unbounded memory growth. Any application using Plug.Parsers with the :multipart parser is affected, and no authentication is required, only reachability of a multipart endpoint over HTTP.\n\nThis vulnerability is associated with program files lib/plug/parsers/multipart.ex and program routines Plug.Parsers.MULTIPART.parse_multipart/2, Plug.Parsers.MULTIPART.parse_multipart_headers/5, Plug.Parsers.MULTIPART.parse_multipart_body/4, and Plug.Parsers.MULTIPART.parse_multipart_file/4.\n\nThis issue affects plug: from 1.4.0 before 1.16.6, from 1.17.0 before 1.17.4, from 1.18.0 before 1.18.5, from 1.19.0 before 1.19.5, and from 1.20.0 before 1.20.3."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"elixir-plug","product":"plug","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"plug","cpes":["cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Plug.Parsers.MULTIPART'"],"programFiles":["lib/plug/parsers/multipart.ex"],"programRoutines":[{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart/2"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_headers/5"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_body/4"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_file/4"}],"repo":"https://github.com/elixir-plug/plug","packageURL":"pkg:hex/plug","versions":[{"version":"1.4.0","lessThan":"1.16.6","versionType":"semver","status":"affected"},{"version":"1.17.0","lessThan":"1.17.4","versionType":"semver","status":"affected"},{"version":"1.18.0","lessThan":"1.18.5","versionType":"semver","status":"affected"},{"version":"1.19.0","lessThan":"1.19.5","versionType":"semver","status":"affected"},{"version":"1.20.0","lessThan":"1.20.3","versionType":"semver","status":"affected"}]},{"vendor":"elixir-plug","product":"plug","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"elixir-plug/plug","cpes":["cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Plug.Parsers.MULTIPART'"],"programFiles":["lib/plug/parsers/multipart.ex"],"programRoutines":[{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart/2"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_headers/5"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_body/4"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_file/4"}],"repo":"https://github.com/elixir-plug/plug","packageURL":"pkg:github/elixir-plug/plug","versions":[{"version":"c52b2f32c90bccd718202bafccb5f95594e30183","lessThan":"*","versionType":"git","status":"affected","changes":[{"at":"981597d3a4271ede64373c7a731702a42c500dd6","status":"unaffected"},{"at":"56edca2ce35fe5589cd581644d8a4493fa5f484e","status":"unaffected"},{"at":"0ee8afcc61466dc5f7a8f048d0632c899165b81f","status":"unaffected"},{"at":"cae36053350e5215a4e0ca33cd130af9c5fc6364","status":"unaffected"},{"at":"f7effaed811c00b5f5bf817936bfd9c5df27b7dc","status":"unaffected"},{"at":"df97d3f17f808a9916a7700a701fb85314559d56","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:03:11.744626Z","id":"CVE-2026-56814","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-56814.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/0ee8afcc61466dc5f7a8f048d0632c899165b81f","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/56edca2ce35fe5589cd581644d8a4493fa5f484e","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/981597d3a4271ede64373c7a731702a42c500dd6","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/cae36053350e5215a4e0ca33cd130af9c5fc6364","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/df97d3f17f808a9916a7700a701fb85314559d56","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/f7effaed811c00b5f5bf817936bfd9c5df27b7dc","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/security/advisories/GHSA-95qv-c9g9-rm63","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-56814","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"}]}},{"cve":{"id":"CVE-2026-54469","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T13:16:20.427","lastModified":"2026-07-10T15:45:33.663","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Unisphere for PowerMax","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"10.3.0.7 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"10.3.1.1 Patch 11360 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000483543/dsa-2026-272-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtualappliance-dell-unisphere-360-dell-solutionsenabler-and-dell-solutionsenabler-virtualappliance-security-update-for-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-54470","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T13:16:20.550","lastModified":"2026-07-10T16:16:32.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Unisphere for PowerMax","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"10.3.0.7 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"10.3.1.1 Patch 11360 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:42:54.892451Z","id":"CVE-2026-54470","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000483543/dsa-2026-272-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtualappliance-dell-unisphere-360-dell-solutionsenabler-and-dell-solutionsenabler-virtualappliance-security-update-for-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56813","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-10T13:16:20.663","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes.\n\nThe Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value and its path, domain, same_site, and extra attributes directly into the header without neutralizing the ';' delimiter that separates cookie attributes.\n\nAn application that places attacker-controlled data into a cookie value or attribute (for example via Plug.Conn.put_resp_cookie/4 when reflecting a username or preference) lets an attacker inject a ';' to append or override cookie attributes (such as Domain and Path scope, or dropping the Secure and HttpOnly flags), enabling cookie tossing and session fixation. Carriage return, line feed, and null bytes are rejected by Plug.Conn header validation, so HTTP response splitting is not possible, but attribute injection through ';' is not prevented.\n\nThis issue affects plug: from 0.1.0 before 1.16.6, from 1.17.0 before 1.17.4, from 1.18.0 before 1.18.5, from 1.19.0 before 1.19.5, from 1.20.0 before 1.20.3."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"elixir-plug","product":"plug","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"plug","cpes":["cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Plug.Conn.Cookies'","'Elixir.Plug.Conn'"],"programFiles":["lib/plug/conn/cookies.ex"],"programRoutines":[{"name":"'Elixir.Plug.Conn.Cookies':encode/2"},{"name":"'Elixir.Plug.Conn':put_resp_cookie/4"}],"repo":"https://github.com/elixir-plug/plug","packageURL":"pkg:hex/plug","versions":[{"version":"0.1.0","lessThan":"1.16.6","versionType":"semver","status":"affected"},{"version":"1.17.0","lessThan":"1.17.4","versionType":"semver","status":"affected"},{"version":"1.18.0","lessThan":"1.18.5","versionType":"semver","status":"affected"},{"version":"1.19.0","lessThan":"1.19.5","versionType":"semver","status":"affected"},{"version":"1.20.0","lessThan":"1.20.3","versionType":"semver","status":"affected"}]},{"vendor":"elixir-plug","product":"plug","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"elixir-plug/plug","cpes":["cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Plug.Conn.Cookies'","'Elixir.Plug.Conn'"],"programFiles":["lib/plug/conn/cookies.ex"],"programRoutines":[{"name":"'Elixir.Plug.Conn.Cookies':encode/2"},{"name":"'Elixir.Plug.Conn':put_resp_cookie/4"}],"repo":"https://github.com/elixir-plug/plug","packageURL":"pkg:github/elixir-plug/plug","versions":[{"version":"f26876aa67aaeb38e616638aa3efbcc2fe2906a5","lessThan":"*","versionType":"git","status":"affected","changes":[{"at":"3f00dfad4e20ba88472e315c90a25742bf178f8e","status":"unaffected"},{"at":"a6d1248659022749869963fd302687165ecf8c8b","status":"unaffected"},{"at":"4167981747fe9ce75f374b94a28861ae950ea992","status":"unaffected"},{"at":"149d9ed68fee0b4f77efd1e835ce5d785856697b","status":"unaffected"},{"at":"eceb8315ce9a31ef784943a95a8624ebd1bc7e06","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:43:36.298825Z","id":"CVE-2026-56813","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-141"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-56813.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/c6575800b2c4e15af1904df87522ca8a23da020c","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/security/advisories/GHSA-wpmj-jh88-rpgm","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-56813","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"}]}},{"cve":{"id":"CVE-2026-22659","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T14:16:52.547","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not control by submitting crafted topic ID lists. Attackers can include a low-ID topic from a permitted forum as an anchor in a batch request, causing the permission check applied only to the first result to pass, and then execute lock, unlock, delete, or hide actions against topics in unmoderated forums."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"flaskbb","product":"flaskbb","defaultStatus":"affected","repo":"https://github.com/flaskbb/flaskbb","versions":[{"version":"0","lessThanOrEqual":"2.2.0","versionType":"semver","status":"affected"},{"version":"https://github.com/flaskbb/flaskbb/commit/a5da9a52","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/flaskbb/flaskbb/commit/acc88cfedd011124395e0101cb27432a47f712be","source":"disclosure@vulncheck.com"},{"url":"https://github.com/flaskbb/flaskbb/security/advisories/GHSA-9rjj-9p2h-6c55","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/flaskbb-authorization-bypass-via-topic-id-manipulation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-22660","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T14:16:52.687","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares received JSON integer group IDs against string literals, causing the protection check to always pass, which allows deletion of all six built-in groups and destroys the forum's permission model, potentially rendering the site unusable."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"flaskbb","product":"flaskbb","defaultStatus":"affected","repo":"https://github.com/flaskbb/flaskbb","versions":[{"version":"0","lessThanOrEqual":"2.2.0","versionType":"semver","status":"affected"},{"version":"https://github.com/flaskbb/flaskbb/commit/a5da9a52","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:18:30.364694Z","id":"CVE-2026-22660","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-697"}]}],"references":[{"url":"https://github.com/flaskbb/flaskbb/commit/a5da9a529adddc65fe31e275192b642a4e32de64","source":"disclosure@vulncheck.com"},{"url":"https://github.com/flaskbb/flaskbb/security/advisories/GHSA-r9cf-jxr6-5h3r","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/flaskbb-logic-flaw-authorization-group-deletion-via-bulk-ajax-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/flaskbb/flaskbb/security/advisories/GHSA-r9cf-jxr6-5h3r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-29519","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:39.007","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads within the request path. Attackers can craft a malicious URL containing injected script content that is reflected in the server's response without proper output encoding, enabling session hijacking or unauthorized actions against the Lucee administrative interface when a victim visits the crafted link."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"lucee","product":"Lucee","defaultStatus":"affected","repo":"https://github.com/lucee/Lucee","versions":[{"version":"5.3.1.95","lessThanOrEqual":"7.0.0.395","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:39:16.587023Z","id":"CVE-2026-29519","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/L4V4D0/CVE-2026-29519-Lucee-Reflected-XSS","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/lucee-cfml-server-reflected-xss-via-url-path-parsing","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-38057","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-10T15:16:39.397","lastModified":"2026-07-10T17:16:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an authenticated administrator, automatically submits a cross-site POST request causing an immediate device reboot and satellite link loss. Repeated attacks can sustain a denial-of-service condition."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"ST Engineering iDirect","product":"Evolution iQ‑Series terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"3315-Series","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"9-Series Terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:22:04.408644Z","id":"CVE-2026-38057","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://support.idirect.net/s/login","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-38059","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-10T15:16:39.563","lastModified":"2026-07-10T17:16:57.000","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"ST Engineering iDirect","product":"Evolution iQ‑Series terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"3315-Series","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"9-Series Terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:18:45.509494Z","id":"CVE-2026-38059","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://support.idirect.net/s/login","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-56254","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:41.810","lastModified":"2026-07-10T16:16:33.713","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo server can create a validly signed update bundle and cause devices to install an update not produced by the original app maker."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"capacitor-updater","product":"capacitor-updater","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo/capacitor-updater","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:17:07.705805Z","id":"CVE-2026-56254","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-320"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-j2f4-4pfc-p8rx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capacitor-updater-end-to-end-encryption-bypass-via-private-key-distribution","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56261","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.017","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, or cloud metadata endpoints (e.g. 169.254.169.254), causing the server to make requests to internal services and potentially expose cloud metadata."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Crawl4AI","product":"Crawl4AI","defaultStatus":"unaffected","packageURL":"pkg:pypi/crawl4ai","versions":[{"version":"0","lessThan":"0.8.7","versionType":"semver","status":"affected"},{"version":"0.8.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:58:21.059975Z","id":"CVE-2026-56261","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/unclecode/crawl4ai","source":"disclosure@vulncheck.com"},{"url":"https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/crawl4ai-server-side-request-forgery-via-webhook-urls","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56279","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.157","lastModified":"2026-07-10T16:16:33.963","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles, management emails, and billing metadata."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:44:27.423019Z","id":"CVE-2026-56279","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-fch8-pp28-mw2x","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-information-disclosure-via-get-orgs-v7-rpc-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-fch8-pp28-mw2x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56305","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.300","lastModified":"2026-07-10T15:44:09.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access can exploit this flaw to permanently lock out legitimate users and achieve full account takeover."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-620"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-rjr5-qxqj-cx8g","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-authentication-bypass-in-password-change-via-missing-current-password-validation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56309","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.440","lastModified":"2026-07-10T16:16:34.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bundle metadata, and survive app deletion, enabling storage and bandwidth abuse."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:12:45.415501Z","id":"CVE-2026-56309","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q52j-ggvx-cr4v","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-plan-bypass-via-unrestricted-attachment-upload-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q52j-ggvx-cr4v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56312","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.587","lastModified":"2026-07-10T17:17:00.533","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn invite links."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:49:33.747729Z","id":"CVE-2026-56312","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-whc5-fvr7-g5v3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-account-creation-before-captcha-validation-in-accept-invitation-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56329","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.727","lastModified":"2026-07-10T17:17:00.643","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview misrouting and denial of preview access for victim applications."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:45:10.865078Z","id":"CVE-2026-56329","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-436"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-76qq-gg2p-pwwj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-cross-tenant-preview-namespace-collision-via-non-bijective-underscore-decoding","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-76qq-gg2p-pwwj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56335","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.880","lastModified":"2026-07-10T16:16:34.187","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive channel attributes such as public, allow_emulator, and security-related flags outside intended application routes."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:56:47.365326Z","id":"CVE-2026-56335","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-ph9c-vwjq-pqhj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-channel-configuration-mutation-via-write-scoped-api-keys","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-ph9c-vwjq-pqhj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56354","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:43.030","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions can inject malicious scripts or redirect parameters to perform stored XSS attacks or phishing redirects against end users."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.24","versionType":"semver","status":"affected"},{"version":"1.123.24","versionType":"semver","status":"unaffected"},{"version":"2.0.0-rc.0","lessThan":"2.10.4","versionType":"semver","status":"affected"},{"version":"2.10.4","versionType":"semver","status":"unaffected"},{"version":"2.11.0","lessThan":"2.12.0","versionType":"semver","status":"affected"},{"version":"2.12.0","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.10.4","versionType":"semver","status":"affected"},{"version":"2.10.4","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.24","versionType":"semver","status":"affected"},{"version":"1.123.24","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:42:31.372790Z","id":"CVE-2026-56354","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w673-8fjw-457c","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/n8n-cross-site-scripting-and-open-redirect-in-form-node","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56366","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:43.217","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-18","versionType":"semver","status":"affected"},{"version":"7.1.2-18","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-43","versionType":"semver","status":"affected"},{"version":"6.9.13-43","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9r56-3gjq-hqf7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-meta-reader-app1jpeg-error-path","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56373","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:43.450","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-15","versionType":"semver","status":"affected"},{"version":"7.1.2-15","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-40","versionType":"semver","status":"affected"},{"version":"6.9.13-40","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:04:44.577179Z","id":"CVE-2026-56373","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3j4x-rwrx-xxj9","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/imagemagick-use-after-free-write-in-pdb-decoder","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56765","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:43.727","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches attachments by sequential ID without verifying ownership, allowing attackers to download and delete all file attachments across all projects instance-wide."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vikunja","product":"Vikunja","defaultStatus":"unaffected","packageURL":"pkg:golang/code.vikunja.io/api","versions":[{"version":"0","lessThan":"2.2.1","versionType":"semver","status":"affected"},{"version":"2.2.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:40:04.075201Z","id":"CVE-2026-56765","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/go-vikunja/vikunja/security/advisories/GHSA-2pv8-4c52-mf8j","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vikunja-unauthenticated-instance-wide-data-breach-via-link-share-hash-disclosure-chained-with-cross-project-attachment-idor","source":"disclosure@vulncheck.com"},{"url":"https://github.com/go-vikunja/vikunja/security/advisories/GHSA-2pv8-4c52-mf8j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-57961","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:47.057","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths() function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path resolution logic locates the substring \"content\" within a user-controlled path using strpos(); when \"content\" is absent, strpos() returns false, which becomes 0 when cast to an integer, preserving the entire attacker-controlled path. This path is later passed to file_get_contents() without canonicalization or root-directory containment validation, which may allow reading of files outside the intended content directory."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"phpMyFAQ","product":"phpMyFAQ","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"4.1.5","versionType":"semver","status":"affected"},{"version":"4.1.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:14:25.295975Z","id":"CVE-2026-57961","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-88g4-74f3-63x9","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-authenticated-path-traversal-in-pdf-export-via-concatenatepaths-function","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-57994","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:47.850","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive (draft or review-only) FAQ content. Specifically, GET /api/v3.1/faq/{categoryId}/{faqId} returns the inactive FAQ title and full answer, while GET /api/v3.1/faqs/tags/{tagId} and GET /api/v4.0/faqs/tags/{tagId} return the inactive FAQ title and answer preview, disclosing non-public content."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"phpMyFAQ","product":"phpMyFAQ","defaultStatus":"unaffected","versions":[{"version":"4.1.0","lessThan":"4.1.5","versionType":"semver","status":"affected"},{"version":"4.1.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:53:43.057049Z","id":"CVE-2026-57994","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mf8r-wm2w-f8c5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-information-disclosure-of-inactive-faq-content-via-public-api-endpoints","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mf8r-wm2w-f8c5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58661","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:47.987","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.28.0","versionType":"semver","status":"affected"},{"version":"2.28.0","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.58","versionType":"semver","status":"affected"},{"version":"1.123.58","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:43:17.458913Z","id":"CVE-2026-58661","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w867-jm58-p9pv","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/n8n-disk-space-exhaustion-via-data-table-file-upload-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59791","sourceIdentifier":"cve@jetbrains.com","published":"2026-07-10T15:16:48.110","lastModified":"2026-07-10T18:58:17.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"YouTrack","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.2.17012","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:45:20.326917Z","id":"CVE-2026-59791","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1021"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.2.17012","matchCriteriaId":"0ED3E61C-FFDE-41D6-80E0-F081073A54BF"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59792","sourceIdentifier":"cve@jetbrains.com","published":"2026-07-10T15:16:48.240","lastModified":"2026-07-10T18:51:28.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains IntelliJ IDEA before 2026.1.4, \n2026.2 code execution via path traversal in project workspace ID handling was possible"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"IntelliJ IDEA","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.1.4, \n2026.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:37:51.583310Z","id":"CVE-2026-59792","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.4","matchCriteriaId":"EFA3E4FD-FB82-4AE8-A702-C0BD219B88AC"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59793","sourceIdentifier":"cve@jetbrains.com","published":"2026-07-10T15:16:48.350","lastModified":"2026-07-10T18:49:40.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"TeamCity","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:18:55.483474Z","id":"CVE-2026-59793","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.2","matchCriteriaId":"D410BA29-5145-4A5C-BFDF-B79E4A104992"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59794","sourceIdentifier":"cve@jetbrains.com","published":"2026-07-10T15:16:48.463","lastModified":"2026-07-10T18:49:04.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"TeamCity","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:18:35.273081Z","id":"CVE-2026-59794","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.2","matchCriteriaId":"D410BA29-5145-4A5C-BFDF-B79E4A104992"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59795","sourceIdentifier":"cve@jetbrains.com","published":"2026-07-10T15:16:48.573","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"TeamCity","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:15:27.708148Z","id":"CVE-2026-59795","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com"}]}},{"cve":{"id":"CVE-2026-59796","sourceIdentifier":"cve@jetbrains.com","published":"2026-07-10T15:16:48.683","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"TeamCity","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:14:42.442614Z","id":"CVE-2026-59796","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com"}]}},{"cve":{"id":"CVE-2026-60086","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:49.417","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are classified as HIGH threat level and pass through unblocked to reach the model."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai","versions":[{"version":"0","lessThan":"4.6.78","versionType":"semver","status":"affected"},{"version":"4.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4r3p-w3mc-5v34","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-prompt-injection-defense-bypass","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-60089","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:49.567","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.output_file path. A repository-controlled config file can set output_file to an absolute or '..' traversal path; when the developer subsequently calls agent.start() without explicitly passing an output parameter, PraisonAI writes the agent response to that path (creating parent directories as needed), allowing an untrusted checked-out project to overwrite files outside the project root with the privileges of the user running PraisonAI."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonaiagents","versions":[{"version":"0","lessThan":"1.6.78","versionType":"semver","status":"affected"},{"version":"1.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:03:27.216214Z","id":"CVE-2026-60089","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/commit/3aa9cbc2bd49c23a32be0a89a5e620d13d843eab","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qjw5-xwrp-xwpq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-path-traversal-via-config-toml","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qjw5-xwrp-xwpq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-60091","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:49.700","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in the Jobs API /api/v1/runs endpoint. The webhook_url parameter is validated at request time but re-resolved at connection time, allowing attackers to use DNS rebinding to reach internal services with a blind SSRF attack."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai","versions":[{"version":"0","lessThan":"4.6.78","versionType":"semver","status":"affected"},{"version":"4.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:39:40.340456Z","id":"CVE-2026-60091","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4w49-gwv8-fpjg","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-unauthenticated-ssrf-via-webhook-url","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-61431","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:49.947","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and include their contents in the generated context bundle."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai","versions":[{"version":"0","lessThan":"4.6.78","versionType":"semver","status":"affected"},{"version":"4.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:19:09.542793Z","id":"CVE-2026-61431","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/commit/1620b49f36945d8cc8ee5635b906c960df5097a0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q7m5-3jmv-vm48","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-path-traversal-via-contextgatherer","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q7m5-3jmv-vm48","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61432","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.077","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastContext feature (praisonaiagents.context.fast). FastContextAgent.execute_tool() prepends the configured workspace_path only for relative paths and neither rejects absolute paths nor canonicalizes joined paths before enforcing workspace containment. As a result, tool arguments or model-generated function calls to grep_search, glob_search, read_file, or list_directory can supply absolute paths or '../' traversal sequences to read, search, and enumerate files outside the intended workspace directory, with file contents returned to the caller or injected into the model's tool-result context."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonaiagents","versions":[{"version":"0","lessThan":"1.6.78","versionType":"semver","status":"affected"},{"version":"1.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:51:16.303986Z","id":"CVE-2026-61432","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/commit/1620b49f36945d8cc8ee5635b906c960df5097a0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4xxv-6wmf-xf45","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-fastcontext-before-path-traversal","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4xxv-6wmf-xf45","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61434","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.213","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files, delete files, or execute non-allowlisted binaries without triggering shell metacharacter filters."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai","versions":[{"version":"0","lessThan":"4.6.78","versionType":"semver","status":"affected"},{"version":"4.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:45:54.802927Z","id":"CVE-2026-61434","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cv3g-hj65-pcfh","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-allowlist-bypass-via-find-exec","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cv3g-hj65-pcfh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61437","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.350","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string output_pydantic reference, the framework locates and imports a sibling tools.py from the workflow file's directory via importlib exec_module without sandboxing, ignoring the PRAISONAI_ALLOW_*_TOOLS environment variables. An attacker who controls a workflow file and its sibling tools.py can execute arbitrary Python code with the workflow runner's privileges when the workflow is executed via WorkflowManager or after load_yaml."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonaiagents","versions":[{"version":"0","lessThan":"1.6.78","versionType":"semver","status":"affected"},{"version":"1.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4gfv-wg42-7jw5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-remote-code-execution-via-tools-py","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-61441","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.480","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a dependency through an owner-created issue endpoint (which returns 403) can delete the same dependency edge by targeting a related member-owned issue endpoint, because permission is validated against the member-owned issue's owner. This allows members to bypass owner/admin authorization and remove owner-created issue dependencies."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai-platform","versions":[{"version":"0","lessThan":"0.1.9","versionType":"semver","status":"affected"},{"version":"0.1.9","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:52:32.002320Z","id":"CVE-2026-61441","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/commit/846568c7a5d8ce9e71e56e4c213f027c04909753","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-mxmx-rh57-jx58","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-platform-before-authorization-bypass-via-dependencies","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-mxmx-rh57-jx58","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61450","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.740","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user, or anyone able to write to user/pages) to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method allowlist, the raw container remains accessible via the allow-listed grav.offsetGet('config'), which returns the real Config object. Allow-listed object-dumping filters (json_encode, print_r, yaml_encode) then serialize that object at the PHP level without invoking the sandbox method gate, exposing the full config tree including plugin secrets such as SMTP credentials, API keys, and plugin DB credentials. This is an incomplete fix for GHSA-j274-39qw-32c9."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"getgrav","product":"grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.2","versionType":"semver","status":"affected"},{"version":"2.0.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:46:11.337524Z","id":"CVE-2026-61450","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-mc5q-6hpj-rp7j","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-before-config-exfiltration-via-offsetget-filter","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-mc5q-6hpj-rp7j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61455","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.877","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage resources."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"getgrav","product":"grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.1","versionType":"semver","status":"affected"},{"version":"2.0.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:49:21.784927Z","id":"CVE-2026-61455","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-928x-9mpw-8h56","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-before-decompression-bomb-via-ziparchiver","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-928x-9mpw-8h56","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61456","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:51.023","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded through the POST /api/v1/media endpoint. The HandlesMediaUploads::processUploadedFile() method validates only the file extension and never invokes Security::sanitizeSVG(), so an authenticated attacker with the api.media.write permission can upload an SVG containing arbitrary JavaScript. The file is stored unmodified and served with Content-Type: image/svg+xml; when an administrator opens it in a browser (directly or via <object>/<iframe>), the embedded script executes in their session context, enabling cookie theft and session hijacking."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"getgrav","product":"grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.0.3","versionType":"semver","status":"affected"},{"version":"1.0.3","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:45:09.952855Z","id":"CVE-2026-61456","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-7vhm-8x52-2r5p","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-before-stored-xss-via-svg-upload-api","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-7vhm-8x52-2r5p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61492","sourceIdentifier":"cve@jetbrains.com","published":"2026-07-10T15:16:51.153","lastModified":"2026-07-10T18:57:39.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"YouTrack","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.2.17394","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:14:28.411503Z","id":"CVE-2026-61492","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.2.17394","matchCriteriaId":"C1AA61F9-FE39-4425-BC11-61AD93279321"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-15143","sourceIdentifier":"secalert@redhat.com","published":"2026-07-10T16:16:25.680","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or access to internal network services."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-built-in-detector-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-guardrails-detector-huggingface-runtime-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:42:19.456726Z","id":"CVE-2026-15143","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15143","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498165","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-15374","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T16:16:26.517","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"modules":["Group Interface"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:47:46.616812Z","id":"CVE-2026-15374","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://drive.google.com/file/d/1GtIZC_PrOJPfQAfjcBckEbf8uDzGjt9B/view?usp=sharing","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15374","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797458","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377441","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377441/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15375","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T16:16:26.667","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/users_ldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"modules":["LDAP User Interface"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://drive.google.com/file/d/14q47WM7nqXuUJbN-3xTXzCIbMUwD1kL8/view?usp=sharing","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15375","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797459","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377442","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377442/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-33382","sourceIdentifier":"security@grafana.com","published":"2026-07-10T16:16:29.130","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:59:38.846803Z","id":"CVE-2026-33382","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-33382","source":"security@grafana.com"}]}},{"cve":{"id":"CVE-2026-54001","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:32.467","lastModified":"2026-07-10T17:44:36.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the authenticode table targeting a maliciously crafted binary, due to publisher information parsing in getOriginalProgramName. If exploited successfully, this could allow a potential local privilege escalation from standard user to SYSTEM. This issue is fixed in version 5.23.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"osquery","product":"osquery","versions":[{"version":"< 5.23.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/osquery/osquery/commit/59a808cda96d5a089cf6ec147efe152459284d54","source":"security-advisories@github.com"},{"url":"https://github.com/osquery/osquery/pull/8923","source":"security-advisories@github.com"},{"url":"https://github.com/osquery/osquery/releases/tag/5.23.1","source":"security-advisories@github.com"},{"url":"https://github.com/osquery/osquery/security/advisories/GHSA-hr28-jvpx-68cx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55500","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:33.357","lastModified":"2026-07-10T17:25:46.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the ALWAYS_PROTECTED middleware check, which only validates JWT or CLI token. This issue is fixed in version 0.4.80."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.4.80","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:39:22.455445Z","id":"CVE-2026-55500","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/0c7c9de00ae3ab81d6580e3cc368483c4c03f6fd","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.4.80","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55501","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:33.493","lastModified":"2026-07-10T17:25:46.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail. A remote attacker can rotate the X-Forwarded-For value on each login attempt to receive a fresh rate-limit bucket, bypass the 5-attempt threshold and progressive lockout durations, and perform unlimited brute-force attempts against the dashboard password. This issue is fixed in version 0.4.80."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.4.80","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:44:55.006800Z","id":"CVE-2026-55501","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/7648c3412b403a29f04967c4b4e9725e228791d4","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.4.80","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56676","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:34.923","lastModified":"2026-07-10T17:25:46.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy can use a vision-capable model and an attacker-controlled DNS name that first resolves to a public IP and then rebinds to an internal address, allowing server-side requests to internal-only HTTP services. This issue is fixed in version 0.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":3.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-367"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/c7d07448c58bec1200741de0b73305b860416b82","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-cmhj-wh2f-9cgx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-8595","sourceIdentifier":"security@grafana.com","published":"2026-07-10T16:16:39.400","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting)."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:59:08.422134Z","id":"CVE-2026-8595","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-8595","source":"security@grafana.com"}]}},{"cve":{"id":"CVE-2026-8609","sourceIdentifier":"security@grafana.com","published":"2026-07-10T16:16:39.510","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service)."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:53:40.169487Z","id":"CVE-2026-8609","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-8609","source":"security@grafana.com"}]}},{"cve":{"id":"CVE-2026-15377","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T17:16:54.430","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:44:09.588892Z","id":"CVE-2026-15377","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://drive.google.com/file/d/1qnAoRYVrMeB4fhtLV4XFZOVrzVM3UeHx/view?usp=sharing","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15377","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797462","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377444","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377444/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-2398","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-10T17:16:56.320","lastModified":"2026-07-10T18:16:20.733","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation.\n\nThis issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Adam Retail Automation Ltd.","product":"MobilMen 20T","defaultStatus":"unknown","versions":[{"version":"v3","lessThanOrEqual":"10072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:36:53.025719Z","id":"CVE-2026-2398","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0526","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-39903","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T17:16:57.230","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated low-privileged user can approve, reject, or delete any pending attachments on any board without holding the required approve_posts permission, bypass moderation queues for their own uploads, and enumerate and delete other users' pending attachments."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"SimpleMachines","product":"SMF","defaultStatus":"affected","repo":"https://github.com/SimpleMachines/SMF","versions":[{"version":"2.1.0","lessThan":"2.1.8","versionType":"semver","status":"affected"},{"version":"3.0.0","lessThan":"3.0.0 Alpha 5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/SimpleMachines/SMF/commit/7d048f8d66aab9af51cd6ee110fbad103cf673e8","source":"disclosure@vulncheck.com"},{"url":"https://github.com/SimpleMachines/SMF/commit/a7875e876a647572dd4c45da881b875092caac3d","source":"disclosure@vulncheck.com"},{"url":"https://github.com/SimpleMachines/SMF/pull/9181","source":"disclosure@vulncheck.com"},{"url":"https://github.com/SimpleMachines/SMF/pull/9182","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/simple-machines-forum-authorization-bypass-via-attachmentapprove-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-3251","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-10T17:16:57.367","lastModified":"2026-07-10T18:16:21.927","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS.\n\nThis issue affects Mezunum Satiyorum: from 1.2.504 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Webremium Istanbul Web Design","product":"Mezunum Satiyorum","defaultStatus":"unknown","versions":[{"version":"1.2.504","lessThanOrEqual":"10072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:39:09.185686Z","id":"CVE-2026-3251","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0525","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-54919","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:16:58.700","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIB_MBEDTLS_SUPPORT or CPPHTTPLIB_WOLFSSL_SUPPORT and a client connects to an IP-literal host with server certificate verification enabled, SSLClient and Client in HTTPS mode skip certificate chain validation and WebSocketClient on the Mbed TLS backend skips verification altogether, allowing a man-in-the-middle attacker positioned to intercept traffic to present a crafted certificate and read or modify the traffic. This issue is fixed in version 0.47.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"yhirose","product":"cpp-httplib","versions":[{"version":">= 0.31.0, < 0.47.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:52:21.593437Z","id":"CVE-2026-54919","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://github.com/yhirose/cpp-httplib/commit/fa981cedae004ea9d946f1392b9dec22fac6fee6","source":"security-advisories@github.com"},{"url":"https://github.com/yhirose/cpp-httplib/releases/tag/v0.47.0","source":"security-advisories@github.com"},{"url":"https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-8ffh-4p95-g3p2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55638","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:16:59.183","lastModified":"2026-07-10T17:35:11.103","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/* to bypass the API-key gate and cause the server to make upstream provider calls using operator-stored LLM provider credentials. This issue is fixed in version 0.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:45:56.907696Z","id":"CVE-2026-55638","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-8gmq-j984-vp4r","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-8gmq-j984-vp4r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55780","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:16:59.733","lastModified":"2026-07-10T17:35:11.103","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validated against the real file size. A crafted bundle can cause an attacker-chosen allocation inside Extract, where std::bad_alloc or std::length_error can escape across the COM STDMETHODCALLTYPE boundary and crash the process. This issue is fixed in version 6.5.1749.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"M2Team","product":"NanaZip","versions":[{"version":"< 6.5.1749.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.4,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"},{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/M2Team/NanaZip/commit/ad62e3b4970b9f01e924c99094d6fed7a42f849a","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/security/advisories/GHSA-ppm9-5267-rq72","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55782","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:00.017","lastModified":"2026-07-10T17:35:11.103","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against the data present in the file. A tiny crafted module can force multi-gigabyte allocations during listing or extraction through NameSize, Information.Size, and std::string or vector allocation paths, causing memory exhaustion or process termination. This issue is fixed in version 6.5.1749.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"M2Team","product":"NanaZip","versions":[{"version":"< 6.5.1749.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.4,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-789"}]}],"references":[{"url":"https://github.com/M2Team/NanaZip/commit/1ce90f2d14a984476d0407a835273705607facf2","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/commit/56aee89037947410dd5e66f3a087e0f290484bae","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/commit/92b12a6e1eb0cf8e88fcc277aa7508ca1ff27db6","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/security/advisories/GHSA-qxhc-2v6p-wm8m","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55885","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:00.273","lastModified":"2026-07-10T17:35:11.103","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the administrator password hash and user/config with site configuration, through the backup download endpoint protected only by the session-static admin-nonce URL parameter. This issue is reported as fixed in version 1.7.53."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getgrav","product":"grav","versions":[{"version":"< 1.7.53","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-312"},{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/getgrav/grav/releases/tag/1.7.53","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-2f86-9cp8-6hcf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56675","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:01.070","lastModified":"2026-07-10T17:35:11.103","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as local. A remote unauthenticated attacker can access /v1 APIs such as /v1/models and may abuse configured upstream provider credentials through /v1 proxy endpoints depending on enabled providers. This issue is fixed in version 0.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:54:55.352353Z","id":"CVE-2026-56675","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-441"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/da667836cc7584bea0edd893de1d590c9ea279dc","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-x5c9-v98j-722r","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57167","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:01.430","lastModified":"2026-07-10T18:56:43.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence that closes a script element to inject arbitrary HTML or JavaScript that executes in the instance origin for visitors to the attacker's videos. This issue is fixed in version 8.2.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Chocobozzz","product":"PeerTube","versions":[{"version":"< 8.2.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:42:35.684811Z","id":"CVE-2026-57167","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://github.com/Chocobozzz/PeerTube/commit/45394d701b08e87d72b8f0c1866b881f2becbde3","source":"security-advisories@github.com"},{"url":"https://github.com/Chocobozzz/PeerTube/releases/tag/v8.2.2","source":"security-advisories@github.com"},{"url":"https://github.com/Chocobozzz/PeerTube/security/advisories/GHSA-jxwq-h9xv-hr28","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-58492","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:01.670","lastModified":"2026-07-10T17:35:11.103","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin or developer code to execute arbitrary SQL against the configured database. This issue is fixed in version 1.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getgrav","product":"grav","versions":[{"version":"< 1.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:47:46.202785Z","id":"CVE-2026-58492","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/getgrav/grav-plugin-database/commit/f6d058785c9e23df7efc5ea7556f8746fef286df","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav-plugin-database/releases/tag/1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-8jxg-4pw9-xcwf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-58493","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:01.860","lastModified":"2026-07-10T17:35:11.103","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing an administrator with plugin configuration access to inject DSN attributes or path traversal values. This issue is fixed in version 1.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getgrav","product":"grav","versions":[{"version":"< 1.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/getgrav/grav-plugin-database/commit/f6d058785c9e23df7efc5ea7556f8746fef286df","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav-plugin-database/releases/tag/1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-jm58-p4pv-qcwc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59161","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:02.250","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell coordinate to make GetRows append empty rows up to the attacker-controlled index and consume excessive memory and CPU. This issue is fixed in version 2.11.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"qax-os","product":"excelize","versions":[{"version":"< 2.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/qax-os/excelize/commit/93f0b3caed37f21ef5079e3259c6c21dcfe68453","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/pull/2331","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/releases/tag/v2.11.0","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-q5j5-6p94-4gwc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53780","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T18:16:22.653","lastModified":"2026-07-10T18:16:22.653","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-55671","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T18:16:23.503","lastModified":"2026-07-10T18:56:43.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to loopback, internal IP, link-local, or redirected endpoints through DNS rebinding, redirects, or protocol downgrades. This issue is fixed in version 4.15.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zitadel","product":"zitadel","versions":[{"version":"< 4.15.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/zitadel/zitadel/commit/b6f78086913b8d916bce9ab2e049ab0d84f947fd","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.15.2","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-29jh-8cfq-rr8x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56666","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T18:16:24.150","lastModified":"2026-07-10T18:56:43.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive provider account with a victim email address to be linked to the victim's local account. This issue is fixed in version 4.15.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zitadel","product":"zitadel","versions":[{"version":"< 4.15.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/zitadel/zitadel/commit/c97012f0c5dc2fe960ae6e940cbea23229f0557f","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.15.3","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-992q-9gwp-7r79","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56668","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T18:16:24.413","lastModified":"2026-07-10T18:56:43.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's scopes, allowing a low-privilege token to be exchanged for elevated permissions at another application. This issue is fixed in version 4.15.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zitadel","product":"zitadel","versions":[{"version":"< 4.15.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/zitadel/zitadel/commit/e2886a61670ca8fd41c9434f87036546e5620bcc","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.15.3","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-vrh8-c9cm-wh8v","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57474","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-07-10T18:16:24.657","lastModified":"2026-07-10T18:20:24.513","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Deloitte","product":"AI Assist for Customer","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2026-03-25","versionType":"custom","status":"affected"},{"version":"2026-03-25","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-06-23T18:28:53.791135Z","id":"CVE-2026-57474","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-57474","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-57475","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-07-10T18:16:24.813","lastModified":"2026-07-10T18:20:24.513","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Deloitte","product":"AI Assist for Customer","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2026-03-25","versionType":"custom","status":"affected"},{"version":"2026-03-25","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-06-23T18:30:43.710557Z","id":"CVE-2026-57475","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-57474","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-57476","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-07-10T18:16:24.947","lastModified":"2026-07-10T18:20:24.513","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Deloitte","product":"AI Assist for Customer","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2026-03-25","versionType":"custom","status":"affected"},{"version":"2026-03-25","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-06-23T18:31:21.217805Z","id":"CVE-2026-57476","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-57474","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}}]}