{"resultsPerPage":380,"startIndex":0,"totalResults":380,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-14T23:52:48.147","vulnerabilities":[{"cve":{"id":"CVE-2005-1436","sourceIdentifier":"cve@mitre.org","published":"2005-05-03T04:00:00.000","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.2.7:*:*:*:*:*:*:*","matchCriteriaId":"BDF3C31C-6C9B-4557-972E-2AD115144539"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"FD3D8CEA-2CA0-4E7E-9FE0-F82CF0412041"}]}]}],"references":[{"url":"http://secunia.com/advisories/15216","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.gulftech.org/?node=research&article_id=00071-05022005","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.osvdb.org/16270","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/16271","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/16272","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/16273","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/16274","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/15216","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.gulftech.org/?node=research&article_id=00071-05022005","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.osvdb.org/16270","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/16271","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/16272","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/16273","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/16274","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2005-1439","sourceIdentifier":"cve@mitre.org","published":"2005-05-03T04:00:00.000","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","matchCriteriaId":"69CEF9C4-AD16-4310-84F3-22F6BDA47515"}]}]}],"references":[{"url":"http://secunia.com/advisories/15216","source":"cve@mitre.org"},{"url":"http://www.gulftech.org/?node=research&article_id=00071-05022005","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/16279","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/15216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.gulftech.org/?node=research&article_id=00071-05022005","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/16279","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2006-5407","sourceIdentifier":"cve@mitre.org","published":"2006-10-19T01:07:00.000","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter."},{"lang":"es","value":"Vulnerabilidad de inclusión remota del archivo en PHP open_form.php en osTicket permite a los atacantes remotos la ejecución de código PHP de su elección mediante una URL en el parámetro include_dir."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","matchCriteriaId":"69CEF9C4-AD16-4310-84F3-22F6BDA47515"}]}]}],"references":[{"url":"http://securityreason.com/securityalert/1745","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/448687/100/0/threaded","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/29577","source":"cve@mitre.org"},{"url":"http://securityreason.com/securityalert/1745","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/448687/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/29577","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2009-2361","sourceIdentifier":"cve@mitre.org","published":"2009-07-08T15:30:01.217","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en include/class.staff.php en osTicket before v1.6 RC5 permite a atacantes remotos ejecutar comandos SQL a su elección a través del parámetro staff username."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:rc4:*:*:*:*:*:*","versionEndIncluding":"1.6","matchCriteriaId":"277B3646-8A46-4134-8BD2-6F4B2BC367FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc1:*:*:*:*:*:*","matchCriteriaId":"3675BB37-2B02-400E-875C-5D3D83408ADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc2:*:*:*:*:*:*","matchCriteriaId":"10673CCF-5C3E-4371-B670-DEF7212DDCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc3:*:*:*:*:*:*","matchCriteriaId":"C5B3DF5B-1CAA-4F76-AD2A-F3A4988D47DF"}]}]}],"references":[{"url":"http://osticket.com/forums/project.php?issueid=118","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/35629","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.exploit-db.com/exploits/9032","source":"cve@mitre.org"},{"url":"http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.osvdb.org/55472","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/504615/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/35516","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id?1022480","source":"cve@mitre.org"},{"url":"http://www.vupen.com/english/advisories/2009/1726","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51417","source":"cve@mitre.org"},{"url":"http://osticket.com/forums/project.php?issueid=118","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/35629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.exploit-db.com/exploits/9032","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.osvdb.org/55472","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/504615/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/35516","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id?1022480","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/1726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/51417","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2010-0605","sourceIdentifier":"cve@mitre.org","published":"2010-02-11T17:30:00.877","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with \"Staff\" permissions, to execute arbitrary SQL commands via the input parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en scp/ajax.php en osTicket v1.6.0 Stable, permite a usuarios autenticados remotamente, con permisos de \"staff\", ejecutar comandos SQL de su elección a través del parámetro \"input\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:rc5:*:*:*:*:*:*","versionEndIncluding":"1.6","matchCriteriaId":"8063A165-A2AB-459E-B9FB-256F2A460004"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.2.7:*:*:*:*:*:*:*","matchCriteriaId":"BDF3C31C-6C9B-4557-972E-2AD115144539"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"FD3D8CEA-2CA0-4E7E-9FE0-F82CF0412041"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc1:*:*:*:*:*:*","matchCriteriaId":"3675BB37-2B02-400E-875C-5D3D83408ADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc2:*:*:*:*:*:*","matchCriteriaId":"10673CCF-5C3E-4371-B670-DEF7212DDCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc3:*:*:*:*:*:*","matchCriteriaId":"C5B3DF5B-1CAA-4F76-AD2A-F3A4988D47DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc4:*:*:*:*:*:*","matchCriteriaId":"2558F5AF-59B7-42C3-ABC3-0B936633D5A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:osticket:osticket:1:*:*:*:*:*:*:*","matchCriteriaId":"C0CEA985-2810-4828-A6EC-60E948AAEC77"}]}]}],"references":[{"url":"http://osticket.com/forums/project.php?issueid=176","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://secunia.com/advisories/38515","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.exploit-db.com/exploits/11380","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.securityfocus.com/bid/38166","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://osticket.com/forums/project.php?issueid=176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://secunia.com/advisories/38515","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.exploit-db.com/exploits/11380","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.securityfocus.com/bid/38166","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}},{"cve":{"id":"CVE-2010-0606","sourceIdentifier":"cve@mitre.org","published":"2010-02-11T17:30:00.907","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php."},{"lang":"es","value":"Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en scp/ajax.php en osTicket anterior a v1.6.0 Stable, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección a través del parámetro \"f\", posiblemente relacionado con un mensaje de error generado por scp/admin.php."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:rc5:*:*:*:*:*:*","versionEndIncluding":"1.6","matchCriteriaId":"8063A165-A2AB-459E-B9FB-256F2A460004"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.2.7:*:*:*:*:*:*:*","matchCriteriaId":"BDF3C31C-6C9B-4557-972E-2AD115144539"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"FD3D8CEA-2CA0-4E7E-9FE0-F82CF0412041"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc1:*:*:*:*:*:*","matchCriteriaId":"3675BB37-2B02-400E-875C-5D3D83408ADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc2:*:*:*:*:*:*","matchCriteriaId":"10673CCF-5C3E-4371-B670-DEF7212DDCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc3:*:*:*:*:*:*","matchCriteriaId":"C5B3DF5B-1CAA-4F76-AD2A-F3A4988D47DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc4:*:*:*:*:*:*","matchCriteriaId":"2558F5AF-59B7-42C3-ABC3-0B936633D5A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:osticket:osticket:1:*:*:*:*:*:*:*","matchCriteriaId":"C0CEA985-2810-4828-A6EC-60E948AAEC77"}]}]}],"references":[{"url":"http://osticket.com/forums/project.php?issueid=176","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://secunia.com/advisories/38515","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/38166","source":"cve@mitre.org"},{"url":"http://osticket.com/forums/project.php?issueid=176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://secunia.com/advisories/38515","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/38166","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2010-4634","sourceIdentifier":"cve@mitre.org","published":"2010-12-30T21:00:05.580","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439.  NOTE: this issue has been disputed by a reliable third party"},{"lang":"es","value":"** CONTROVERTIDO **  Vulnerabilidad de salto de directorio en osTicket 1.6. Permite a atacantes remotos leer ficheros arbitrariamente a través de .. (punto punto) en el paráemtro fichero de module.php, un vector diferente al de CVE-2005-1439.  NOTA: esta vulnerabilidad ha sido discutida por un tercero de confianza."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:*:*:*:*:*:*:*","matchCriteriaId":"A95BA812-8405-4F6C-86EC-8615C6169234"}]}]}],"references":[{"url":"http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt","source":"cve@mitre.org"},{"url":"http://www.attrition.org/pipermail/vim/2010-November/002468.html","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.attrition.org/pipermail/vim/2010-November/002469.html","source":"cve@mitre.org"},{"url":"http://www.exploit-db.com/exploits/15471","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/44739","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.attrition.org/pipermail/vim/2010-November/002468.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.attrition.org/pipermail/vim/2010-November/002469.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.exploit-db.com/exploits/15471","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/44739","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}},{"cve":{"id":"CVE-2014-4744","sourceIdentifier":"cve@mitre.org","published":"2014-07-09T14:55:04.343","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en osTicket anterior a 1.9.2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de los parámetros (1) Phone Number field en open.php o (2) Phone number field, (3) passwd1 field, (4) passwd2 field o (5) do en account.php."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.1","matchCriteriaId":"31DC4FA8-16F8-45F5-A344-9AF98784D4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.0:*:*:*:*:*:*:*","matchCriteriaId":"02D550AE-562C-4F75-808E-6F5C3F2DC3F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.2.7:*:*:*:*:*:*:*","matchCriteriaId":"BDF3C31C-6C9B-4557-972E-2AD115144539"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"FD3D8CEA-2CA0-4E7E-9FE0-F82CF0412041"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc1:*:*:*:*:*:*","matchCriteriaId":"3675BB37-2B02-400E-875C-5D3D83408ADA"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc2:*:*:*:*:*:*","matchCriteriaId":"10673CCF-5C3E-4371-B670-DEF7212DDCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc3:*:*:*:*:*:*","matchCriteriaId":"C5B3DF5B-1CAA-4F76-AD2A-F3A4988D47DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc4:*:*:*:*:*:*","matchCriteriaId":"2558F5AF-59B7-42C3-ABC3-0B936633D5A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6:rc5:*:*:*:*:*:*","matchCriteriaId":"D857B226-2F53-40BA-A6FF-5ECA72F66A39"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.6.0:*:*:*:*:*:*:*","matchCriteriaId":"1FD2A318-6DFB-4701-B7C0-2097DEBFF68D"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"A1380BD9-1950-46BF-A150-A5C7B3B122F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0:rc1:*:*:*:*:*:*","matchCriteriaId":"410E1DA8-D8DA-4925-9296-899AD7AFF1D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0:rc2:*:*:*:*:*:*","matchCriteriaId":"B5872239-C3D1-46F2-9AE1-E44711FCD276"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BDDA3155-5BE1-486F-8CD5-1CA152AC3BB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0.2:*:*:*:*:*:*:*","matchCriteriaId":"CA4BF6A3-23BF-4C80-B73A-1E476DA231D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0.3:*:*:*:*:*:*:*","matchCriteriaId":"65D56D66-F8BB-4DB5-A3B1-B8CD7F2710A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.0.4:*:*:*:*:*:*:*","matchCriteriaId":"1185DBA7-AEA8-4347-8800-9926A7648525"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.1:*:*:*:*:*:*:*","matchCriteriaId":"471735B2-A4D3-4EF0-A388-0D54352CDEA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.1:developer_preview:*:*:*:*:*:*","matchCriteriaId":"32937B3C-A713-4CB5-A265-80B9F904B018"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.1:rc1:*:*:*:*:*:*","matchCriteriaId":"745EC140-694C-4EAF-9E27-E40FBDEE125B"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.1.1:*:*:*:*:*:*:*","matchCriteriaId":"BA8FFCFB-6E7E-45B7-9279-6D06C61ED934"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.1.2:*:*:*:*:*:*:*","matchCriteriaId":"CC9440ED-352C-49EF-80B1-97FAE6E72D5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.3:*:*:*:*:*:*:*","matchCriteriaId":"75828A46-0334-4ACF-A0FF-7F6EAB11E310"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"BDB01480-8551-42B2-8BA5-129BF566485E"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"6E9A63F4-A62E-4E88-8AD9-E37295BABB46"}]}]}],"references":[{"url":"http://secunia.com/advisories/59539","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/68500","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://secunia.com/advisories/59539","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/68500","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}},{"cve":{"id":"CVE-2015-1176","sourceIdentifier":"cve@mitre.org","published":"2015-01-23T15:59:11.070","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action."},{"lang":"es","value":"Vulnerabilidad de XSS en upload/scp/tickets.php en osTicket anterior a 1.9.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro status en una acción de búsqueda."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.4","matchCriteriaId":"DF4DF9EE-3B3B-450D-B3E6-FBBBEF6C1B70"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.securityfocus.com/archive/1/534526/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/72276","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://github.com/osTicket/osTicket-1.8/pull/1639","source":"cve@mitre.org"},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.securityfocus.com/archive/1/534526/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/72276","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://github.com/osTicket/osTicket-1.8/pull/1639","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2015-1347","sourceIdentifier":"cve@mitre.org","published":"2015-01-23T15:59:14.147","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."},{"lang":"es","value":"Vulnerabilidad de XSS en client.inc.php en osTicket anterior a 1.9.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro lang."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.5","matchCriteriaId":"8B1583D6-BE11-4FAC-96EF-805F3385738F"}]}]}],"references":[{"url":"https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1","source":"cve@mitre.org"},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1","source":"cve@mitre.org"},{"url":"https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2018-7192","sourceIdentifier":"cve@mitre.org","published":"2018-03-27T17:29:00.493","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"message\" parameter."},{"lang":"es","value":"Vulnerabilidad de Cross-Site Scripting (XSS) en /ajax.php/form/help-topic en Enhancesoft osTicket, en versiones anteriores a la 1.10.2, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro \"message\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"D6815DB0-3377-4FF8-9677-3DCF6F6E8839"}]}]}],"references":[{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-7193","sourceIdentifier":"cve@mitre.org","published":"2018-03-27T17:29:00.553","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"order\" parameter."},{"lang":"es","value":"Vulnerabilidad de Cross-Site Scripting (XSS) en /scp/directory.php en Enhancesoft osTicket, en versiones anteriores a la 1.10.2, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro \"order\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"D6815DB0-3377-4FF8-9677-3DCF6F6E8839"}]}]}],"references":[{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-7194","sourceIdentifier":"cve@mitre.org","published":"2018-03-27T17:29:00.600","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting."},{"lang":"es","value":"Vulnerabilidad de formato de enteros en el generador de números de ticket en versiones anteriores a la 1.10.2 de Enhancesoft osTicket permite que atacantes remotos provoquen una denegación de servicio (evitando la creación de nuevos tickets) mediante un gran número de dígitos en los ajustes de formato de números de tickets."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"D6815DB0-3377-4FF8-9677-3DCF6F6E8839"}]}]}],"references":[{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-7195","sourceIdentifier":"cve@mitre.org","published":"2018-03-27T17:29:00.647","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number."},{"lang":"es","value":"Enhancesoft osTicket en versiones anteriores a la 1.10.2 permite que atacantes remotos restablezcan contraseñas arbitrarias (cuando se conoce una dirección de correo electrónico asociada), aprovechando el acceso de invitado y adivinando un número de 6 dígitos."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"D6815DB0-3377-4FF8-9677-3DCF6F6E8839"}]}]}],"references":[{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-7196","sourceIdentifier":"cve@mitre.org","published":"2018-03-27T17:29:00.710","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"sort\" parameter."},{"lang":"es","value":"Vulnerabilidad de Cross-Site Scripting (XSS) en /scp/index.php en Enhancesoft osTicket, en versiones anteriores a la 1.10.2, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro \"sort\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"D6815DB0-3377-4FF8-9677-3DCF6F6E8839"}]}]}],"references":[{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-11537","sourceIdentifier":"cve@mitre.org","published":"2019-04-25T19:29:01.143","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion."},{"lang":"es","value":"En osTicket versiones anteriores a 1.12, tiene una vulnerabilidad de Cross-Site Scripting (XSS) a través de /upload/file.php, /upload/scp/users.php?do=import-users, y /upload/scp/ajax.php/users/import si un usuario del gestor de agentes sube un archivo.csv creado al User Importer, en el contenido del archivo puede aparecer un mensaje de error. El XSS puede conducir a la inclusión de archivos locales."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.12","matchCriteriaId":"7FE0F679-EA95-4728-AD32-0768F4E213C5"}]}]}],"references":[{"url":"https://github.com/osTicket/osTicket/pull/4869","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/46753","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/46753/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/pull/4869","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/46753","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/46753/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2019-14748","sourceIdentifier":"cve@mitre.org","published":"2019-08-07T17:15:12.417","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment."},{"lang":"es","value":"Se detectó un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. El formulario de creación de Ticket permite a los usuarios cargar archivos en conjunto con consultas. Se encontró que la funcionalidad file-upload presenta menos (o ninguna) mitigaciones implementadas para las comprobaciones de contenido de archivos; además, la salida no se maneja apropiadamente, causando una vulnerabilidad de tipo XSS persistente que conlleva al robo de cookies o acciones maliciosas. Por ejemplo, un usuario que no sea agente puede cargar un archivo .html y Content-Disposition será ajustado a inline en lugar de attachment."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.7","matchCriteriaId":"F4C67250-AA50-471C-9356-4C2DB0A3EA98"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionStartIncluding":"1.12","versionEndExcluding":"1.12.1","matchCriteriaId":"83439B7B-7744-4C7D-ABFB-BA2F3F8DEA5A"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47224","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47224","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2019-14749","sourceIdentifier":"cve@mitre.org","published":"2019-08-07T17:15:12.480","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected."},{"lang":"es","value":"Se detectó un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. Una inyección CSV (también se conoce como Formula) se presenta en la funcionalidad export spreadsheets. Estas hojas de cálculo se generan dinámicamente a partir de la entrada de usuario no comprobada o no filtrada en los campos Name y Internal Notes de la pestaña Users y el campo Issue Summary de la pestaña Tickets. Esto permite a otros agentes descargar datos en formato de archivo .csv o .xls. Esto es usado como entrada para aplicaciones de hoja de cálculo como Excel y OpenOffice Calc, lo que resulta en una situación en la que las celdas de las hojas de cálculo pueden contener entradas de una fuente no confiable. Como resultado, el usuario final que accede a la hoja de cálculo exportada puede estar afectado."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1236"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.7","matchCriteriaId":"F4C67250-AA50-471C-9356-4C2DB0A3EA98"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionStartIncluding":"1.12","versionEndExcluding":"1.12.1","matchCriteriaId":"83439B7B-7744-4C7D-ABFB-BA2F3F8DEA5A"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47225","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47225","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2019-14750","sourceIdentifier":"cve@mitre.org","published":"2019-08-07T17:15:12.557","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions."},{"lang":"es","value":"Se detectó un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. Se presenta una vulnerabilidad de tipo XSS Almacenado en el archivo setup/install.php. Se observó que no fue proporcionado ningún saneamiento de entrada en los campos de firstname y lastname. La inserción de consultas maliciosas en esos campos conlleva a la ejecución de esas consultas. Esto puede conllevar aún más al robo de cookies u otras acciones maliciosas."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.7","matchCriteriaId":"F4C67250-AA50-471C-9356-4C2DB0A3EA98"},{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionStartIncluding":"1.12","versionEndExcluding":"1.12.1","matchCriteriaId":"83439B7B-7744-4C7D-ABFB-BA2F3F8DEA5A"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47226","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.10.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/releases/tag/v1.12.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47226","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2020-16193","sourceIdentifier":"cve@mitre.org","published":"2020-08-26T12:15:13.357","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call."},{"lang":"es","value":"osTicket versiones anteriores a 1.14.3, permite un ataque de tipo XSS porque el archivo include/staff/banrule.inc.php presenta una llamada $info [\"notes\"] eco no comprobada"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.14.3","matchCriteriaId":"AD9ACBA3-9382-444B-84F8-2859021D25F3"}]}]}],"references":[{"url":"https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-24917","sourceIdentifier":"cve@mitre.org","published":"2020-08-30T16:15:14.230","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php."},{"lang":"es","value":"osTicket versiones anteriores a 1.14.3, permite un ataque XSS por medio de un nombre de archivo diseñado en la función DraftAjaxAPI::_uploadInlineImage() en el archivo include/ajax.draft.php"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.14.3","matchCriteriaId":"AD9ACBA3-9382-444B-84F8-2859021D25F3"}]}]}],"references":[{"url":"https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://sisl.lab.uic.edu/projects/chess/osticket-xss/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://sisl.lab.uic.edu/projects/chess/osticket-xss/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-24881","sourceIdentifier":"cve@mitre.org","published":"2020-11-02T21:15:26.680","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning."},{"lang":"es","value":"Una vulnerabilidad de tipo SSRF se presenta en osTicket versiones anteriores a 1.14.3, donde un atacante puede agregar un archivo malicioso al servidor o llevar a cabo un escaneo de puertos"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"1.14.3","matchCriteriaId":"AD9ACBA3-9382-444B-84F8-2859021D25F3"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-32074","sourceIdentifier":"cve@mitre.org","published":"2022-07-13T16:15:08.900","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file."},{"lang":"es","value":"Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en el componente audit/class.audit.php de osTicket-plugins - Storage-FS versiones anteriores al commit a7842d494889fd5533d13deb3c6a7789768795ae, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de un archivo SVG manipulado"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndExcluding":"2022-05-19","matchCriteriaId":"6336A5DD-C366-4235-BF7B-1D7D3D01B072"}]}]}],"references":[{"url":"https://github.com/osTicket/osTicket-plugins","source":"cve@mitre.org","tags":["Product","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://owasp.org/www-community/attacks/xss/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket-plugins","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]},{"url":"https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://owasp.org/www-community/attacks/xss/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-26241","sourceIdentifier":"cve@mitre.org","published":"2025-05-05T16:15:50.750","lastModified":"2026-07-10T18:20:35.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability in the \"Search\" functionality of \"tickets.php\" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the \"keywords\" and \"topic_id\" URL parameters combination."},{"lang":"es","value":"Una vulnerabilidad de inyección SQL en la funcionalidad \"Search\" de la página \"tickets.php\" en osTicket &lt;=1.17.5 permite a atacantes autenticados ejecutar comandos SQL arbitrarios a través de la combinación de parámetros de URL \"keywords\" y \"topic_id\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-05-05T17:36:30.209895Z","id":"CVE-2025-26241","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*","versionEndIncluding":"1.17.5","matchCriteriaId":"BF4D2A1D-E4AF-42C3-ABB0-E297CD01D863"}]}]}],"references":[{"url":"https://members.backbox.org/osticket-sql-injection-bypass/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-8889","sourceIdentifier":"contact@wpscan.com","published":"2025-09-09T06:15:32.370","lastModified":"2026-07-10T15:38:30.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)"}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Compress & Upload","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.0.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-09-09T19:36:31.528158Z","id":"CVE-2025-8889","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eliehanna:compress_\\&_upload:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.0.5","matchCriteriaId":"CCB3E97E-8BC2-4CAD-9FC3-C7ED65E54489"}]}]}],"references":[{"url":"https://wpscan.com/vulnerability/5d84a577-62aa-4aa2-ac39-b146eae65243/","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-37094","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-02-03T22:16:25.673","lastModified":"2026-07-10T15:16:35.133","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token reuse vulnerability that allows authenticated attackers to bypass two-factor authentication by exploiting token-to-password-hash mapping in application/Espo/Core/Utils/Authentication/Espo.php. Attackers can obtain an authentication token for a controlled account and replay it against any victim account sharing the same password, since tokens are bound to password hashes rather than unique per-user values, bypassing the victim's 2FA protections."},{"lang":"es","value":"EspoCRM 5.8.5 contiene una vulnerabilidad de autenticación que permite a los atacantes acceder a otras cuentas de usuario manipulando los encabezados de autorización. Los atacantes pueden decodificar y modificar los tokens Basic Authorization y Espo-Authorization para obtener acceso no autorizado a información y privilegios de usuarios administrativos."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"EspoCRM","product":"EspoCRM","defaultStatus":"unaffected","repo":"https://github.com/espocrm/espocrm","versions":[{"version":"5.7.0","lessThan":"5.9.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-04T19:36:20.554721Z","id":"CVE-2020-37094","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-303"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*","versionEndIncluding":"5.8.5","matchCriteriaId":"534BF0F6-C81A-445E-ACAA-2E5B08832ABF"}]}]}],"references":[{"url":"https://github.com/espocrm/espocrm/commit/b299220dd0c7acdaa1ed8be8ffd79c7985093c7a","source":"disclosure@vulncheck.com"},{"url":"https://www.espocrm.com","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.exploit-db.com/exploits/48376","source":"disclosure@vulncheck.com","tags":["Exploit","VDB Entry"]},{"url":"https://www.vulncheck.com/advisories/espocrm-two-factor-auth-bypass-via-auth-token-reuse-between-accounts-with-identical-passwords","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-21262","sourceIdentifier":"secure@microsoft.com","published":"2026-03-10T18:18:06.190","lastModified":"2026-07-10T19:32:52.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network."},{"lang":"es","value":"Control de acceso inadecuado en SQL Server permite a un atacante autorizado elevar privilegios a través de una red."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft SQL Server 2016 Service Pack 3 (GDR)","platforms":["x64-based Systems"],"versions":[{"version":"13.0.0","lessThan":"13.0.6480.4","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack","platforms":["x64-based Systems"],"versions":[{"version":"13.0.0","lessThan":"13.0.7075.5","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SQL Server 2017 (CU 31)","platforms":["x64-based Systems"],"versions":[{"version":"14.0.0","lessThan":"14.0.3520.4","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SQL Server 2017 (GDR)","platforms":["x64-based Systems"],"versions":[{"version":"14.0.0","lessThan":"14.0.2100.4","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SQL Server 2019 (CU 32)","platforms":["x64-based Systems"],"versions":[{"version":"15.0.0.0","lessThan":"15.0.4460.4","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SQL Server 2019 (GDR)","platforms":["x64-based Systems"],"versions":[{"version":"15.0.0","lessThan":"15.0.2160.4","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SQL Server 2022 (GDR)","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.1170.5","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SQL Server 2022 for x64-based Systems (CU 23)","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0.0","lessThan":"16.0.4240.4","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SQL Server 2025 (CU 2)","platforms":["x64-based Systems"],"versions":[{"version":"17.0.0.0","lessThan":"17.0.4020.2","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SQL Server 2025 for x64-based Systems (GDR)","platforms":["x64-based Systems"],"versions":[{"version":"17.0.1050.2","lessThan":"17.0.1105.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-05T00:00:00+00:00","id":"CVE-2026-21262","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*","versionStartIncluding":"13.0.6300.2","versionEndExcluding":"13.0.6480.4","matchCriteriaId":"0512F204-5C6C-416C-BAE9-37A46C517A5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*","versionStartIncluding":"13.0.7000.253","versionEndExcluding":"13.0.7075.5","matchCriteriaId":"FF21E018-C759-44FA-B1BF-1A97054606E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*","versionStartIncluding":"14.0.1000.169","versionEndExcluding":"14.0.2100.4","matchCriteriaId":"36B7482B-D75C-4EFD-AD60-251BAD0A9FE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*","versionStartIncluding":"14.0.3006.16","versionEndExcluding":"14.0.3520.4","matchCriteriaId":"AAE03DE1-E3F6-4450-9B06-695C0BEC4517"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*","versionStartIncluding":"15.0.2000.5","versionEndExcluding":"15.0.2160.4","matchCriteriaId":"EB3E749F-531E-4516-A23E-C62FB6564CE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*","versionStartIncluding":"15.0.4003.23","versionEndExcluding":"15.0.4460.4","matchCriteriaId":"52924A9F-292A-4A73-9A9C-6A59763AD615"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*","versionStartIncluding":"16.0.1000.6","versionEndExcluding":"16.0.1170.5","matchCriteriaId":"930A8DB4-E8DF-4C8B-8D7C-43DDB705D5E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*","versionStartIncluding":"16.0.4003.1","versionEndExcluding":"16.0.4240.4","matchCriteriaId":"DA833891-A29B-46C0-8945-693E70C0AA57"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*","versionStartIncluding":"17.0.1000.7","versionEndExcluding":"17.0.1105.2","matchCriteriaId":"9498FF0D-E8A3-4430-AE23-EC2BF0631002"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*","versionStartIncluding":"17.0.4006.2","versionEndExcluding":"17.0.4020.2","matchCriteriaId":"EE7E80DA-728A-4BA2-9D72-71577FE83723"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21262","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0270","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-10T22:16:53.953","lastModified":"2026-07-10T18:16:05.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux  allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cortex XSOAR","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"8.13","lessThan":"8.13.0.11","versionType":"custom","status":"affected","changes":[{"at":"8.13.0.11","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cortex XSOAR","defaultStatus":"unaffected","versions":[{"version":"8.12.0","versionType":"custom","status":"affected"},{"version":"8.11.0","versionType":"custom","status":"affected"},{"version":"8.10.0","versionType":"custom","status":"affected"},{"version":"6.14.0","versionType":"custom","status":"unaffected"},{"version":"6.13.0","versionType":"custom","status":"unaffected"},{"version":"6.12.0","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Amber","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T00:00:00+00:00","id":"CVE-2026-0270","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xsoar:*:*:*:*:*:*:*:*","versionStartIncluding":"8.10.0","versionEndExcluding":"8.13.0.11","matchCriteriaId":"A16792C5-B73E-46EA-8A84-28FFA512DB7A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-4559","source":"psirt@paloaltonetworks.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://security.paloaltonetworks.com/CVE-2026-0270","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0271","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-10T22:16:54.110","lastModified":"2026-07-10T18:18:00.457","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"0","lessThan":"26.2.1","versionType":"custom","status":"affected","changes":[{"at":"26.2.1","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["macOS","Windows","iOS","Android","Chrome OS"],"versions":[{"version":"All","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T13:48:10.520535Z","id":"CVE-2026-0271","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:prisma_access_agent:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.1","matchCriteriaId":"55CDB450-F60C-4E24-9580-6E9B787B1FB1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0271","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-0274","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-10T22:16:55.187","lastModified":"2026-07-10T16:49:09.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cortex XSIAM CommvaultSecurityIQ Marketplace","defaultStatus":"unaffected","versions":[{"version":"1.1.0","lessThan":"1.2.0","versionType":"custom","status":"affected","changes":[{"at":"1.2.0","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Cortex XSOAR CommvaultSecurityIQ Marketplace","defaultStatus":"unaffected","versions":[{"version":"1.1.0","lessThan":"1.2.0","versionType":"custom","status":"affected","changes":[{"at":"1.2.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T00:00:00+00:00","id":"CVE-2026-0274","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1390"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xsiam_commvaultsecurityiq_marketplace:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"DD151BA7-879B-4F39-BFAF-9046253FE182"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:cortex_xsoar_commvaultsecurityiq_marketplace:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"2D8C3692-1612-455C-AF1F-6A697BF07622"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0274","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-11769","sourceIdentifier":"security@grafana.com","published":"2026-06-13T06:16:14.380","lastModified":"2026-07-10T16:16:23.677","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator.\n\n\n### Summary\n\nThe Grafana Operator supports loading dashboards & library panels using the jsonnet data templating language. The jsonnet expression is evaluated in the context of the operator manager pod.\n\n\n### Impact\n\nIt is possible for a malicious user who can create Dashboard or LibraryPanel resources for a Grafana instance to obtain the Kubernetes service account token of the Grafana Operator manager.\n\n### Affected versions\n\nAll Grafana Operator versions <= 5.23\n\n### Solutions and mitigations\n\nAll installations should be upgraded as soon as possible.\n\nAs a workaround, the following ValidatingAdmissionPolicy prevent the creation or modification of jsonnet based resources:\n\napiVersion: admissionregistration.k8s.io/v1\nkind: ValidatingAdmissionPolicy\nmetadata:\n  name: \"prevent-jsonnet-dashboards\"\nspec:\n  failurePolicy: Fail\n  matchConstraints:\n    resourceRules:\n      - apiGroups: [\"grafana.integreatly.org\"]\n        apiVersions: [\"v1beta1\"]\n        operations: [\"CREATE\", \"UPDATE\"]\n        resources: [\"grafanadashboards\", \"grafanalibrarypanels\"]\n  validations:\n    - expression: \"!has(object.spec.jsonnetLib)\"\n---\napiVersion: admissionregistration.k8s.io/v1\nkind: ValidatingAdmissionPolicyBinding\nmetadata:\n  name: \"prevent-jsonnet-dashboards-clusterwide\"\nspec:\n  policyName: \"prevent-jsonnet-dashboards\"\n  validationActions: [Deny]\n\n\n\n### Acknowledgement\n\nWe would like to thank Artem Cherezov for responsibly disclosing the vulnerability."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana Operator","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.23.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T17:24:16.248300Z","id":"CVE-2026-11769","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana_operator:*:*:*:*:*:*:*:*","versionEndExcluding":"5.24.0","matchCriteriaId":"A03C27FE-3E61-4442-9AC7-C9A7B0E30825"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-11769","source":"security@grafana.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10601","sourceIdentifier":"security@grafana.com","published":"2026-06-22T14:16:25.167","lastModified":"2026-07-10T16:16:22.733","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:44:03.006985Z","id":"CVE-2026-10601","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.0:-:*:*:-:*:*:*","matchCriteriaId":"1C499469-E087-433D-809A-92F454E0D917"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-10601","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-42129","sourceIdentifier":"security@grafana.com","published":"2026-06-22T14:17:36.340","lastModified":"2026-07-10T16:16:31.113","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:44:32.401117Z","id":"CVE-2026-42129","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:loki_datasource:-:*:*:*:*:*:*:*","matchCriteriaId":"AC9FBA76-8620-4AE4-85A3-AB43E19A6331"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-42129","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-9029","sourceIdentifier":"security@grafana.com","published":"2026-06-22T14:17:55.800","lastModified":"2026-07-10T16:16:39.617","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard (stored cross-site scripting)."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T03:55:45.644989Z","id":"CVE-2026-9029","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.0:*:*:*:-:*:*:*","matchCriteriaId":"BBF9171C-F062-4FA4-8513-2D540FA072C9"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-9029","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-42127","sourceIdentifier":"security@grafana.com","published":"2026-06-22T18:16:37.430","lastModified":"2026-07-10T16:16:30.967","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access token or authentication is required to exploit this vulnerability."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana Enterprise","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.3","versionType":"semver","status":"affected"},{"version":"13.0.0","lessThanOrEqual":"13.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:28:16.184877Z","id":"CVE-2026-42127","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@grafana.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"11.6.14","matchCriteriaId":"BCCF12AE-CA32-42A8-9837-4EF45704D150"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.2.0","versionEndIncluding":"12.2.8","matchCriteriaId":"E60EEF4D-DD52-4DB1-9E58-59B7EE4D1D9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.3.0","versionEndIncluding":"12.3.6","matchCriteriaId":"F0AF4DB6-120E-44EE-BF4D-E41FCBE88A77"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.4.0","versionEndIncluding":"12.4.3","matchCriteriaId":"8F22EAA5-D510-4261-9A3F-6AC315378F23"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.0.0","versionEndIncluding":"13.0.1","matchCriteriaId":"16FCDFDF-CD01-4A1C-B6DB-9C4B116374FB"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-42127","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-52994","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:10.327","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting\n\nvirtio_transport_init_zcopy_skb() uses iter->count as the size argument\nfor msg_zerocopy_realloc(), which in turn passes it to\nmm_account_pinned_pages() for RLIMIT_MEMLOCK accounting. However, this\nfunction is called after virtio_transport_fill_skb() has already consumed\nthe iterator via __zerocopy_sg_from_iter(), so on the last skb, iter->count\nwill be 0, skipping the RLIMIT_MEMLOCK enforcement.\n\nPass pkt_len (the total bytes being sent) as an explicit parameter to\nvirtio_transport_init_zcopy_skb() instead of reading the already-consumed\niter->count.\n\nThis matches TCP and UDP, which both call msg_zerocopy_realloc() with\nthe original message size."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/vmw_vsock/virtio_transport_common.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"581512a6dc939ef122e49336626ae159f3b8a345","lessThan":"6af1736b5810bc8a4a43a8518530113f5a757dc1","versionType":"git","status":"affected"},{"version":"581512a6dc939ef122e49336626ae159f3b8a345","lessThan":"d0117950075f0a9d5944980784c719d8ebcd4bff","versionType":"git","status":"affected"},{"version":"581512a6dc939ef122e49336626ae159f3b8a345","lessThan":"1cb36e252211506f51095fe7ced8286cc77b4c80","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/vmw_vsock/virtio_transport_common.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1cb36e252211506f51095fe7ced8286cc77b4c80","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6af1736b5810bc8a4a43a8518530113f5a757dc1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d0117950075f0a9d5944980784c719d8ebcd4bff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-52995","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:10.423","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: zero per-item info buffer before handing it to visitors\n\nrds_for_each_conn_info() and rds_walk_conn_path_info() both hand a\ncaller-allocated on-stack u64 buffer to a per-connection visitor and\nthen copy the full item_len bytes back to user space via\nrds_info_copy() regardless of how much of the buffer the visitor\nactually wrote.\n\nrds_ib_conn_info_visitor() and rds6_ib_conn_info_visitor() only\nwrite a subset of their output struct when the underlying\nrds_connection is not in state RDS_CONN_UP (src/dst addr, tos, sl\nand the two GIDs via explicit memsets). Several u32 fields\n(max_send_wr, max_recv_wr, max_send_sge, rdma_mr_max, rdma_mr_size,\ncache_allocs) and the 2-byte alignment hole between sl and\ncache_allocs remain as whatever stack contents preceded the visitor\ncall and are then memcpy_to_user()'d out to user space.\n\nstruct rds_info_rdma_connection and struct rds6_info_rdma_connection\nare the only rds_info_* structs in include/uapi/linux/rds.h that are\nnot marked __attribute__((packed)), so they have a real alignment\nhole. The other info visitors (rds_conn_info_visitor,\nrds6_conn_info_visitor, rds_tcp_tc_info, ...) write all fields of\ntheir packed output struct today and are not known to be vulnerable,\nbut a future visitor that adds a conditional write-path would have\nthe same bug.\n\nReproduction on a kernel built without CONFIG_INIT_STACK_ALL_ZERO=y:\na local unprivileged user opens AF_RDS, sets SO_RDS_TRANSPORT=IB,\nbinds to a local address on an RDMA-capable netdev (rxe soft-RoCE on\nany netdev is sufficient), sendto()'s any peer on the same subnet\n(fails cleanly but installs an rds_connection in the global hash in\nRDS_CONN_CONNECTING), then calls getsockopt(SOL_RDS,\nRDS_INFO_IB_CONNECTIONS). The returned 68-byte item contains 26\nbytes of stack garbage including kernel text/data pointers:\n\n    0..7   0a 63 00 01 0a 63 00 02     src=10.99.0.1 dst=10.99.0.2\n    8..39  00 ...                      gids (memset-zeroed)\n    40..47 e0 92 a3 81 ff ff ff ff     kernel pointer (max_send_wr)\n    48..55 7f 37 b5 81 ff ff ff ff     kernel pointer (rdma_mr_max)\n    56..59 01 00 08 00                 rdma_mr_size (garbage)\n    60..61 00 00                       tos, sl\n    62..63 00 00                       alignment padding\n    64..67 18 00 00 00                 cache_allocs (garbage)\n\nFix by zeroing the per-item buffer in both rds_for_each_conn_info()\nand rds_walk_conn_path_info() before invoking the visitor. This\ncovers the IPv4/IPv6 IB visitors and hardens all current and future\nvisitors against the same class of bug.\n\nNo functional change for visitors that fully populate their output.\n\nChanges in v2:\n- retarget at the net tree (subject prefix \"[PATCH net v2]\",\n  net/rds: prefix in the title)\n- pick up Reviewed-by tags from Sharath Srinivasan and\n  Allison Henderson"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/rds/connection.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ec16227e14141e4fd7ae76354c09dadfe2449d9e","lessThan":"81651e9d7dea1c048d2952f57632a042931d7b43","versionType":"git","status":"affected"},{"version":"ec16227e14141e4fd7ae76354c09dadfe2449d9e","lessThan":"0797b2e6901827694aa9c34c4c72118c8c97fba1","versionType":"git","status":"affected"},{"version":"ec16227e14141e4fd7ae76354c09dadfe2449d9e","lessThan":"5e67cc262afb384e835c3327e9d954eeaedc6a87","versionType":"git","status":"affected"},{"version":"ec16227e14141e4fd7ae76354c09dadfe2449d9e","lessThan":"b6ba93a7b71ed443c9843eb12d27ed86f1e52694","versionType":"git","status":"affected"},{"version":"ec16227e14141e4fd7ae76354c09dadfe2449d9e","lessThan":"c7cb9eed8215a790f052f49cdccf577720d2bb62","versionType":"git","status":"affected"},{"version":"ec16227e14141e4fd7ae76354c09dadfe2449d9e","lessThan":"91ce1bb6e4194dc2321748f68145359dcf86e350","versionType":"git","status":"affected"},{"version":"ec16227e14141e4fd7ae76354c09dadfe2449d9e","lessThan":"912ba2e5704fdb8bc5decda96dfc1a57838f0099","versionType":"git","status":"affected"},{"version":"ec16227e14141e4fd7ae76354c09dadfe2449d9e","lessThan":"c88eb7e8d8397a8c1db59c425332c5a30b2a1682","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/rds/connection.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.30","status":"affected"},{"version":"0","lessThan":"2.6.30","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0797b2e6901827694aa9c34c4c72118c8c97fba1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5e67cc262afb384e835c3327e9d954eeaedc6a87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/81651e9d7dea1c048d2952f57632a042931d7b43","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/912ba2e5704fdb8bc5decda96dfc1a57838f0099","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/91ce1bb6e4194dc2321748f68145359dcf86e350","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b6ba93a7b71ed443c9843eb12d27ed86f1e52694","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c7cb9eed8215a790f052f49cdccf577720d2bb62","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c88eb7e8d8397a8c1db59c425332c5a30b2a1682","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-52996","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:10.567","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open\n\nksmbd_lookup_fd_cguid() returns a ksmbd_file with its refcount\nincremented via ksmbd_fp_get(). parse_durable_handle_context() in\nthe DURABLE_REQ_V2 case properly releases this reference on every\npath inside the ClientGUID-match branch, either by calling\nksmbd_put_durable_fd() or by transferring ownership to dh_info->fp\nfor a successful reconnect. However, when an entry exists in the\nglobal file table with the same CreateGuid but a different\nClientGUID, the code simply falls through to the new-open path\nwithout dropping the reference obtained from ksmbd_lookup_fd_cguid().\n\nPer MS-SMB2 section 3.3.5.9.10 (\"Handling the\nSMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 Create Context\"), the server\nMUST locate an Open whose Open.CreateGuid matches the request's\nCreateGuid AND whose Open.ClientGuid matches the ClientGuid of the\nconnection that received the request. If no such Open is found, the\nserver MUST continue with the normal open execution phase. A\nCreateGuid hit with a ClientGUID mismatch is therefore the\n\"Open not found\" case: proceeding with a new open is correct, but\nthe reference obtained purely as a side effect of the lookup must\nnot be leaked.\n\nRepeated requests that hit this mismatch pin global_ft entries,\nprevent __ksmbd_close_fd() from ever running for the corresponding\nfiles, and defeat the durable scavenger, leading to long-lived\nresource leaks.\n\nRelease the reference in the mismatch path and clear dh_info->fp so\nsubsequent logic does not mistake a non-matching lookup result for\na reconnect target."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/server/smb2pdu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8df4bcdb0a4232192b2445256c39b787d58ef14d","lessThan":"407b6e699ba8b45b72cc265eed8a1bc8a7191609","versionType":"git","status":"affected"},{"version":"c8efcc786146a951091588e5fa7e3c754850cb3c","lessThan":"f31beef633fbf2b5af7805fa187a10bcff1d4b49","versionType":"git","status":"affected"},{"version":"c8efcc786146a951091588e5fa7e3c754850cb3c","lessThan":"06f709d0e531f3e54d88665dd426be3998a774e6","versionType":"git","status":"affected"},{"version":"c8efcc786146a951091588e5fa7e3c754850cb3c","lessThan":"8c4a0ef19c8264c150833131af34541495832cd0","versionType":"git","status":"affected"},{"version":"c8efcc786146a951091588e5fa7e3c754850cb3c","lessThan":"804054d19886ac6628883d82410f6ee42a818664","versionType":"git","status":"affected"},{"version":"6.6.32","lessThan":"6.6.141","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/server/smb2pdu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/06f709d0e531f3e54d88665dd426be3998a774e6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/407b6e699ba8b45b72cc265eed8a1bc8a7191609","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/804054d19886ac6628883d82410f6ee42a818664","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8c4a0ef19c8264c150833131af34541495832cd0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f31beef633fbf2b5af7805fa187a10bcff1d4b49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-52997","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:10.680","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_dualpi2: drain both C-queue and L-queue in dualpi2_change()\n\nFix dualpi2_change() to correctly enforce updated limit and memlimit\nvalues after a configuration change of the dualpi2 qdisc.\n\nBefore this patch, dualpi2_change() always attempted to dequeue packets\nvia the root qdisc (C-queue) when reducing backlog or memory usage, and\nunconditionally assumed that a valid skb will be returned. When traffic\nclassification results in packets being queued in the L-queue while the\nC-queue is empty, this leads to a NULL skb dereference during limit or\nmemlimit enforcement.\n\nThis is fixed by first dequeuing from the C-queue path if it is\nnon-empty. Once the C-queue is empty, packets are dequeued directly from\nthe L-queue. Return values from qdisc_dequeue_internal() are checked for\nboth queues. When dequeuing from the L-queue, the parent qdisc qlen and\nbacklog counters are updated explicitly to keep overall qdisc statistics\nconsistent."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sched/sch_dualpi2.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"320d031ad6e4d67e8e1ab08ac71efda02bc85683","lessThan":"86cf2eba2056bcf9c41fba260e599bd95bf9943b","versionType":"git","status":"affected"},{"version":"320d031ad6e4d67e8e1ab08ac71efda02bc85683","lessThan":"3042add80c2c50bd127d570b83319af612efde65","versionType":"git","status":"affected"},{"version":"320d031ad6e4d67e8e1ab08ac71efda02bc85683","lessThan":"478ed6b7d2577439c610f91fa8759a4c878a4264","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sched/sch_dualpi2.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/3042add80c2c50bd127d570b83319af612efde65","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/478ed6b7d2577439c610f91fa8759a4c878a4264","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/86cf2eba2056bcf9c41fba260e599bd95bf9943b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-52998","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:10.777","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_osf: fix potential NULL dereference in ttl check\n\nThe nf_osf_ttl() function accessed skb->dev to perform a local interface\naddress lookup without verifying that the device pointer was valid.\n\nAdditionally, the implementation utilized an in_dev_for_each_ifa_rcu\nloop to match the packet source address against local interface\naddresses. It assumed that packets from the same subnet should not see a\ndecrement on the initial TTL. A packet might appear it is from the same\nsubnet but it actually isn't especially in modern environments with\ncontainers and virtual switching.\n\nRemove the device dereference and interface loop. Replace the logic with\na switch statement that evaluates the TTL according to the ttl_check."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nfnetlink_osf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"f4de0777e4554a7de19c920accde6319dd530782","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"c996a90f3071cf43683e5423da31aadbe002b8b4","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"edc806f9122961f0d3819f7c69c14cccde31f277","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"5d05de2f0928d81309a815ecc76d1a3ad72cbc16","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"95be653a76793856ff8b2d8bd82c2943c23f5ca8","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"79b90a96688e521771fa6ed3dc7864b76b8df293","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"83fc5dd63455a779ea2dd0f7ffee3c920919d80b","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"711987ba281fd806322a7cd244e98e2a81903114","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nfnetlink_osf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.31","status":"affected"},{"version":"0","lessThan":"2.6.31","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"references":[{"url":"https://git.kernel.org/stable/c/5d05de2f0928d81309a815ecc76d1a3ad72cbc16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/711987ba281fd806322a7cd244e98e2a81903114","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/79b90a96688e521771fa6ed3dc7864b76b8df293","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/83fc5dd63455a779ea2dd0f7ffee3c920919d80b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/95be653a76793856ff8b2d8bd82c2943c23f5ca8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c996a90f3071cf43683e5423da31aadbe002b8b4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/edc806f9122961f0d3819f7c69c14cccde31f277","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f4de0777e4554a7de19c920accde6319dd530782","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-52999","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:10.913","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_osf: fix out-of-bounds read on option matching\n\nIn nf_osf_match(), the nf_osf_hdr_ctx structure is initialized once\nand passed by reference to nf_osf_match_one() for each fingerprint\nchecked. During TCP option parsing, nf_osf_match_one() advances the\nshared ctx->optp pointer.\n\nIf a fingerprint perfectly matches, the function returns early without\nrestoring ctx->optp to its initial state. If the user has configured\nNF_OSF_LOGLEVEL_ALL, the loop continues to the next fingerprint.\nHowever, because ctx->optp was not restored, the next call to\nnf_osf_match_one() starts parsing from the end of the options buffer.\nThis causes subsequent matches to read garbage data and fail\nimmediately, making it impossible to log more than one match or logging\nincorrect matches.\n\nInstead of using a shared ctx->optp pointer, pass the context as a\nconstant pointer and use a local pointer (optp) for TCP option\ntraversal. This makes nf_osf_match_one() strictly stateless from the\ncaller's perspective, ensuring every fingerprint check starts at the\ncorrect option offset."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nfnetlink_osf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1a6a0951fc009f6d9fe8ebea2d2417d80d54097b","lessThan":"0145548346c4a30981a870a8ca00eac46ba27e85","versionType":"git","status":"affected"},{"version":"1a6a0951fc009f6d9fe8ebea2d2417d80d54097b","lessThan":"1c136f2c44a5913646bac85303612fd0825197a0","versionType":"git","status":"affected"},{"version":"1a6a0951fc009f6d9fe8ebea2d2417d80d54097b","lessThan":"1e19a07291bb8682c14c39a64725a3ae54ab8ccc","versionType":"git","status":"affected"},{"version":"1a6a0951fc009f6d9fe8ebea2d2417d80d54097b","lessThan":"32e50f92c7cf3f4eba29622179a5fcdc2aebab41","versionType":"git","status":"affected"},{"version":"1a6a0951fc009f6d9fe8ebea2d2417d80d54097b","lessThan":"70a3f31d25cf2ec9d4ddfa408120171ead955623","versionType":"git","status":"affected"},{"version":"1a6a0951fc009f6d9fe8ebea2d2417d80d54097b","lessThan":"21883587593d7c8bb519a79460a0b5bc5ffbdabd","versionType":"git","status":"affected"},{"version":"1a6a0951fc009f6d9fe8ebea2d2417d80d54097b","lessThan":"edb78a142d2e5948e63647c0646aa7e7886935f0","versionType":"git","status":"affected"},{"version":"1a6a0951fc009f6d9fe8ebea2d2417d80d54097b","lessThan":"f5ca450087c3baf3651055e7a6de92600f827af3","versionType":"git","status":"affected"},{"version":"0c1054e0e5fdef2369fb089e94def978bd209e1f","versionType":"git","status":"affected"},{"version":"8316b60582facd4068fb0916c4db2418c21b7174","versionType":"git","status":"affected"},{"version":"4.19.26","lessThan":"4.20","versionType":"semver","status":"affected"},{"version":"4.20.13","lessThan":"4.21","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nfnetlink_osf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"references":[{"url":"https://git.kernel.org/stable/c/0145548346c4a30981a870a8ca00eac46ba27e85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1c136f2c44a5913646bac85303612fd0825197a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1e19a07291bb8682c14c39a64725a3ae54ab8ccc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/21883587593d7c8bb519a79460a0b5bc5ffbdabd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/32e50f92c7cf3f4eba29622179a5fcdc2aebab41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/70a3f31d25cf2ec9d4ddfa408120171ead955623","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/edb78a142d2e5948e63647c0646aa7e7886935f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f5ca450087c3baf3651055e7a6de92600f827af3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53014","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:12.683","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: fix wrong device for mac_header_xmit check in tcf_blockcast_redir\n\nIn tcf_blockcast_redir(), when iterating block ports to redirect\npackets to multiple devices, the mac_header_xmit flag is queried\nfrom the wrong device. The loop sends to dev_prev but queries\ndev_is_mac_header_xmit(dev) — which is the NEXT device in the\niteration, not the one being sent to.\n\nThis causes tcf_mirred_to_dev() to make incorrect decisions about\nwhether to push or pull the MAC header. When the block contains\nmixed device types (e.g., an ethernet veth and a tunnel device),\nintermediate devices get the wrong mac_header_xmit flag, leading to\nskb header corruption. In the worst case, skb_push_rcsum with an\nincorrect mac_len can exhaust headroom and panic.\n\nThe last device in the loop is handled correctly (line 365-366 uses\ndev_is_mac_header_xmit(dev_prev)), confirming this is a copy-paste\noversight for the intermediate devices.\n\nFix by using dev_prev instead of dev for the mac_header_xmit query,\nconsistent with the device actually being sent to."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sched/act_mirred.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"42f39036cda808d3de243192a2cf5125f12f3047","lessThan":"8fda5174286119addd28473fb2ec5bdf521c05a8","versionType":"git","status":"affected"},{"version":"42f39036cda808d3de243192a2cf5125f12f3047","lessThan":"7db3e4e03032261b1b519341123fc30d995478ca","versionType":"git","status":"affected"},{"version":"42f39036cda808d3de243192a2cf5125f12f3047","lessThan":"4764953c4b47585eb72797b216b63a831dc0c7e6","versionType":"git","status":"affected"},{"version":"42f39036cda808d3de243192a2cf5125f12f3047","lessThan":"4510d140524ca7d6e772db962e013f26f09a63b1","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sched/act_mirred.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4510d140524ca7d6e772db962e013f26f09a63b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4764953c4b47585eb72797b216b63a831dc0c7e6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7db3e4e03032261b1b519341123fc30d995478ca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8fda5174286119addd28473fb2ec5bdf521c05a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53015","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:12.790","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: unify lcn as u64 for 32-bit platforms\n\nAs sashiko reported [1], `lcn` was typed as `unsigned long` (or\n`unsigned int` sometimes), which is only 32 bits wide on 32-bit\nplatforms, which causes `(lcn << lclusterbits)` to be truncated\nat 4 GiB.\n\nIn order to consolidate the logic, just use `u64` consistently\naround the codebase.\n\n[1] https://sashiko.dev/r/20260420034612.1899973-1-hsiangkao%40linux.alibaba.com"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/erofs/zmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"152a333a589560bee002e4c96761f1b560a5793c","lessThan":"4fc9b12e43a3f19a01a8fb61f7961be79de20253","versionType":"git","status":"affected"},{"version":"152a333a589560bee002e4c96761f1b560a5793c","lessThan":"858e4d98a86adf34584767388deb6c9b217f70c5","versionType":"git","status":"affected"},{"version":"152a333a589560bee002e4c96761f1b560a5793c","lessThan":"582b0bf201157632cb5474c885989a6ebda46521","versionType":"git","status":"affected"},{"version":"152a333a589560bee002e4c96761f1b560a5793c","lessThan":"2d8c7edcb661812249469f4a5b62e9339118846f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/erofs/zmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/2d8c7edcb661812249469f4a5b62e9339118846f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4fc9b12e43a3f19a01a8fb61f7961be79de20253","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/582b0bf201157632cb5474c885989a6ebda46521","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/858e4d98a86adf34584767388deb6c9b217f70c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53017","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:13.020","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix data loss caused by incorrect use of nat_entry flag\n\nData loss can occur when fsync is performed on a newly created file\n(before any checkpoint has been written) concurrently with a checkpoint\noperation. The scenario is as follows:\n\ncreate & write & fsync 'file A'                 write checkpoint\n- f2fs_do_sync_file // inline inode\n - f2fs_write_inode // inode folio is dirty\n                                                - f2fs_write_checkpoint\n                                                 - f2fs_flush_merged_writes\n                                                 - f2fs_sync_node_pages\n                                                 - f2fs_flush_nat_entries\n - f2fs_fsync_node_pages // no dirty node\n - f2fs_need_inode_block_update // return false\n SPO and lost 'file A'\n\nf2fs_flush_nat_entries() sets the IS_CHECKPOINTED and HAS_LAST_FSYNC\nflags for the nat_entry, but this does not mean that the checkpoint has\nactually completed successfully. However, f2fs_need_inode_block_update()\nchecks these flags and incorrectly assumes that the checkpoint has\nfinished.\n\nThe root cause is that the semantics of IS_CHECKPOINTED and\nHAS_LAST_FSYNC are only guaranteed after the checkpoint write fully\ncompletes.\n\nThis patch modifies f2fs_need_inode_block_update() to acquire the\nsbi->node_write lock before reading the nat_entry flags, ensuring that\nonce IS_CHECKPOINTED and HAS_LAST_FSYNC are observed to be set, the\ncheckpoint operation has already completed."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/f2fs/node.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e05df3b115e7308afbca652769b54e4549fcc723","lessThan":"20cedb4d9f6b230d0ee469690b8f868f06a07c29","versionType":"git","status":"affected"},{"version":"e05df3b115e7308afbca652769b54e4549fcc723","lessThan":"238e14eb7226f883b72caccd2d37bf5707df066b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/f2fs/node.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/20cedb4d9f6b230d0ee469690b8f868f06a07c29","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/238e14eb7226f883b72caccd2d37bf5707df066b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53018","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:13.120","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: avoid reading already updated pages during GC\n\nWe found the following issue during fuzz testing:\n\npage: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9\nmemcg:f8ffff800e269c00\naops:f2fs_meta_aops ino:2\nflags: 0x52880000000080a9(locked|waiters|uptodate|lru|private|zone=1|kasantag=0x4a)\nraw: 52880000000080a9 fffffffec6e17588 fffffffec0ccc088 a7ffff8067063618\nraw: 000000000018b2dc 0000000000000009 00000003ffffffff f8ffff800e269c00\npage dumped because: VM_BUG_ON_FOLIO(folio_test_uptodate(folio))\npage_owner tracks the page as allocated\n post_alloc_hook+0x58c/0x5ec\n prep_new_page+0x34/0x284\n get_page_from_freelist+0x2dcc/0x2e8c\n __alloc_pages_noprof+0x280/0x76c\n __folio_alloc_noprof+0x18/0xac\n __filemap_get_folio+0x6bc/0xdc4\n pagecache_get_page+0x3c/0x104\n do_garbage_collect+0x5c78/0x77a4\n f2fs_gc+0xd74/0x25f0\n gc_thread_func+0xb28/0x2930\n kthread+0x464/0x5d8\n ret_from_fork+0x10/0x20\n------------[ cut here ]------------\nkernel BUG at mm/filemap.c:1563!\n folio_end_read+0x140/0x168\n f2fs_finish_read_bio+0x5c4/0xb80\n f2fs_read_end_io+0x64c/0x708\n bio_endio+0x85c/0x8c0\n blk_update_request+0x690/0x127c\n scsi_end_request+0x9c/0xb8c\n scsi_io_completion+0xf0/0x250\n scsi_finish_command+0x430/0x45c\n scsi_complete+0x178/0x6d4\n blk_mq_complete_request+0xcc/0x104\n scsi_done_internal+0x214/0x454\n scsi_done+0x24/0x34\n\nwhich is similar to the problem reported by syzbot:\nhttps://syzkaller.appspot.com/bug?extid=3686758660f980b402dc\n\nThis case is consistent with the description in commit 9bf1a3f\n(\"f2fs: avoid GC causing encrypted file corrupted\"):\nPage 1 is moved from blkaddr A to blkaddr B by move_data_block, and after\nbeing written it is marked as uptodate. Then, Page 1 is moved from blkaddr\nB to blkaddr C, VM_BUG_ON_FOLIO was triggered in the endio initiated by\nra_data_block.\n\nThere is no need to read Page 1 again from blkaddr B, since it has already\nbeen updated. Therefore, avoid initiating I/O in this case."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/f2fs/gc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6aa58d8ad20a3323f42274c25820a6f54192422d","lessThan":"4623c251496b99c530ce225c05334f4eac8b933a","versionType":"git","status":"affected"},{"version":"6aa58d8ad20a3323f42274c25820a6f54192422d","lessThan":"b663ebb8a340eae5442e605b6acd2cff5677f016","versionType":"git","status":"affected"},{"version":"6aa58d8ad20a3323f42274c25820a6f54192422d","lessThan":"570e2ccc7cb35fe720106964e65060602d3d2ac4","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/f2fs/gc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4623c251496b99c530ce225c05334f4eac8b933a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/570e2ccc7cb35fe720106964e65060602d3d2ac4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b663ebb8a340eae5442e605b6acd2cff5677f016","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53019","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:13.227","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nclk: spacemit: ccu_mix: fix inverted condition in ccu_mix_trigger_fc()\n\nFix inverted condition that skips frequency change trigger,\ncausing kernel panics during cpufreq scaling."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/clk/spacemit/ccu_mix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1b72c59db0add8e47fa116b21f78ed0b09a264f3","lessThan":"da99d0302d3ccccfb13c69e663bf8eae698b9562","versionType":"git","status":"affected"},{"version":"1b72c59db0add8e47fa116b21f78ed0b09a264f3","lessThan":"16dfbc4e95c46dd9c79cb8d550c7f267d4a79b91","versionType":"git","status":"affected"},{"version":"1b72c59db0add8e47fa116b21f78ed0b09a264f3","lessThan":"54e97360b44bed6b4399dd3be3d65f392df940fa","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/clk/spacemit/ccu_mix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/16dfbc4e95c46dd9c79cb8d550c7f267d4a79b91","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/54e97360b44bed6b4399dd3be3d65f392df940fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/da99d0302d3ccccfb13c69e663bf8eae698b9562","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53020","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:13.317","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\num: Fix potential race condition in TLB sync\n\nDuring the TLB sync, we need to traverse and modify the page table,\nso we should hold the page table lock. Since full SMP support for\nthreads within the same process is still missing, let's disable the\nsplit page table lock for simplicity."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/um/kernel/tlb.c","mm/Kconfig"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1e4ee5135d814fe4785890790cec81c3132888fb","lessThan":"f21c343ec7419377bff89ab11146c03ae117036f","versionType":"git","status":"affected"},{"version":"1e4ee5135d814fe4785890790cec81c3132888fb","lessThan":"102331b66bcaf1f41f50b9c4cd5c36e46bafa9f3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/um/kernel/tlb.c","mm/Kconfig"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/102331b66bcaf1f41f50b9c4cd5c36e46bafa9f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f21c343ec7419377bff89ab11146c03ae117036f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53021","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:13.410","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Fix integer overflow in UNMAP bounds check\n\nsbc_execute_unmap() checks LBA + range does not exceed the device capacity,\nbut does not guard against LBA + range wrapping around on 64-bit overflow.\n\nAdd an overflow check matching the pattern already used for WRITE_SAME in\nthe same file."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/target/target_core_sbc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"86d7182985d25900929adce14fffd729cc8c6fb8","lessThan":"c08ab702c4699c6efb9d60bdb15b73e7a627ee7e","versionType":"git","status":"affected"},{"version":"86d7182985d25900929adce14fffd729cc8c6fb8","lessThan":"2e1ed9a7b6ea5bfefb5d80a02b1c71c7dee1f0dd","versionType":"git","status":"affected"},{"version":"86d7182985d25900929adce14fffd729cc8c6fb8","lessThan":"5efc3ef4758f8d98c257419fa21daca3227de61a","versionType":"git","status":"affected"},{"version":"86d7182985d25900929adce14fffd729cc8c6fb8","lessThan":"d7aef29573c7c5cdb2dfad939253287a6329c2a4","versionType":"git","status":"affected"},{"version":"86d7182985d25900929adce14fffd729cc8c6fb8","lessThan":"3facdecc3fcf115cc4f9b3d8f118d6705e2456a8","versionType":"git","status":"affected"},{"version":"86d7182985d25900929adce14fffd729cc8c6fb8","lessThan":"51075df70c46e60a9773f2dcd28299e40dac36fb","versionType":"git","status":"affected"},{"version":"86d7182985d25900929adce14fffd729cc8c6fb8","lessThan":"02115986d027ade793e7f6be87e91d6a796d0aa3","versionType":"git","status":"affected"},{"version":"86d7182985d25900929adce14fffd729cc8c6fb8","lessThan":"2bf2d65f76697820dbc4227d13866293576dd90a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/target/target_core_sbc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.10","status":"affected"},{"version":"0","lessThan":"3.10","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/02115986d027ade793e7f6be87e91d6a796d0aa3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2bf2d65f76697820dbc4227d13866293576dd90a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2e1ed9a7b6ea5bfefb5d80a02b1c71c7dee1f0dd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3facdecc3fcf115cc4f9b3d8f118d6705e2456a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/51075df70c46e60a9773f2dcd28299e40dac36fb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5efc3ef4758f8d98c257419fa21daca3227de61a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c08ab702c4699c6efb9d60bdb15b73e7a627ee7e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d7aef29573c7c5cdb2dfad939253287a6329c2a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53022","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:13.527","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: bound enumeration string aggregation\n\npopulate_enum_data() aggregates firmware-provided value-modifier\nand possible-value strings into fixed 512-byte struct members.\nThe current code bounds each individual source string but then\nappends every string and separator with raw strcat() and no\nremaining-space check.\n\nSwitch the aggregation loops to a bounded append helper and\nreject enumeration packages whose combined strings do not fit\nin the destination buffers.\n\n[ij: add include]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e8a60aa7404bfef37705da5607c97737073ac38d","lessThan":"7b3dc1f764bf24eb99474a5de8173b0b43a8b071","versionType":"git","status":"affected"},{"version":"e8a60aa7404bfef37705da5607c97737073ac38d","lessThan":"75c738d4f27fa18a2a033de153bd40302bde6a66","versionType":"git","status":"affected"},{"version":"e8a60aa7404bfef37705da5607c97737073ac38d","lessThan":"ba0843c1955864401295f7ba3b420afe19f2266d","versionType":"git","status":"affected"},{"version":"e8a60aa7404bfef37705da5607c97737073ac38d","lessThan":"5a04f9a36930792f6d64e28d43609e158d09b665","versionType":"git","status":"affected"},{"version":"e8a60aa7404bfef37705da5607c97737073ac38d","lessThan":"c5683ca4949a514fbe656c6d0d08c4c126e21db9","versionType":"git","status":"affected"},{"version":"e8a60aa7404bfef37705da5607c97737073ac38d","lessThan":"90b118d264845f7aaf539ac49f7c75f1f29590e2","versionType":"git","status":"affected"},{"version":"e8a60aa7404bfef37705da5607c97737073ac38d","lessThan":"3c34471c26abc52a37f5ad90949e2e4b8027eb14","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.11","status":"affected"},{"version":"0","lessThan":"5.11","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/3c34471c26abc52a37f5ad90949e2e4b8027eb14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5a04f9a36930792f6d64e28d43609e158d09b665","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/75c738d4f27fa18a2a033de153bd40302bde6a66","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7b3dc1f764bf24eb99474a5de8173b0b43a8b071","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/90b118d264845f7aaf539ac49f7c75f1f29590e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ba0843c1955864401295f7ba3b420afe19f2266d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c5683ca4949a514fbe656c6d0d08c4c126e21db9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53023","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:13.643","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: terminate the cached volume label after UTF-8 conversion\n\nntfs_fill_super() loads the on-disk volume label with utf16s_to_utf8s()\nand stores the result in sbi->volume.label. The converted label is later\nexposed through ntfs3_label_show() using %s, but utf16s_to_utf8s() only\nreturns the number of bytes written and does not add a trailing NUL.\n\nIf the converted label fills the entire fixed buffer,\nntfs3_label_show() can read past the end of sbi->volume.label while\nlooking for a terminator.\n\nTerminate the cached label explicitly after a successful conversion and\nclamp the exact-full case to the last byte of the buffer."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ntfs3/super.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"32b0686369e0afbb3549a0d93e2d8517da84cd30","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"bc7a0c34c4ca259cfddf3bc18fc5b3c6411d26ed","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"0b11fcbe80a59acdf58337d80ebb5f72201d73d6","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"54d564b762389679e2f8fb9eeb20af7e82371e1c","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"6136bbb054f7ab9f51ae99915541633b18bcef90","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"5cd0707b81cb4589f00aec5c4c1288bd0980d2a4","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"a6cd43fe9b083fa23fe1595666d5738856cb261a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ntfs3/super.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0b11fcbe80a59acdf58337d80ebb5f72201d73d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/32b0686369e0afbb3549a0d93e2d8517da84cd30","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/54d564b762389679e2f8fb9eeb20af7e82371e1c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5cd0707b81cb4589f00aec5c4c1288bd0980d2a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6136bbb054f7ab9f51ae99915541633b18bcef90","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a6cd43fe9b083fa23fe1595666d5738856cb261a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bc7a0c34c4ca259cfddf3bc18fc5b3c6411d26ed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53024","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:13.760","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: raw: fix use-after-free if write is called after disconnect\n\nIf a user writes to the chardev after disconnect has been called, the\nkernel panics with the following trace (with\nCONFIG_INIT_ON_FREE_DEFAULT_ON=y):\n\n        BUG: kernel NULL pointer dereference, address: 0000000000000218\n         ...\n        Call Trace:\n         <TASK>\n         gb_operation_create_common+0x61/0x180\n         gb_operation_create_flags+0x28/0xa0\n         gb_operation_sync_timeout+0x6f/0x100\n         raw_write+0x7b/0xc7 [gb_raw]\n         vfs_write+0xcf/0x420\n         ? task_mm_cid_work+0x136/0x220\n         ksys_write+0x63/0xe0\n         do_syscall_64+0xa4/0x290\n         entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nDisconnect calls gb_connection_destroy, which ends up freeing the\nconnection object. When gb_operation_sync is called in the write file\noperations, its gets a freed connection as parameter and the kernel\npanics.\n\nThe gb_connection_destroy cannot be moved out of the disconnect\nfunction, as the Greybus subsystem expect all connections belonging to a\nbundle to be destroyed when disconnect returns.\n\nTo prevent this bug, use a rw lock to synchronize access between write\nand disconnect. This guarantees that the write function doesn't try\nto use a disconnected connection."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/staging/greybus/raw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e806c7fb8e9bae87fc23958c3789f2c2f96f54a4","lessThan":"48d6c32bc049abd114e8f0836c0e7d7cbfba7827","versionType":"git","status":"affected"},{"version":"e806c7fb8e9bae87fc23958c3789f2c2f96f54a4","lessThan":"84265cbd96b97058ef67e3f8be3933667a000835","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/staging/greybus/raw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/48d6c32bc049abd114e8f0836c0e7d7cbfba7827","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/84265cbd96b97058ef67e3f8be3933667a000835","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53025","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:13.857","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: raw: fix use-after-free on cdev close\n\nThis addresses a use-after-free bug when a raw bundle is disconnected\nbut its chardev is still opened by an application. When the application\nreleases the cdev, it causes the following panic when init on free is\nenabled (CONFIG_INIT_ON_FREE_DEFAULT_ON=y):\n\n        refcount_t: underflow; use-after-free.\n        WARNING: CPU: 0 PID: 139 at lib/refcount.c:28 refcount_warn_saturate+0xd0/0x130\n         ...\n        Call Trace:\n         <TASK>\n         cdev_put+0x18/0x30\n         __fput+0x255/0x2a0\n         __x64_sys_close+0x3d/0x80\n         do_syscall_64+0xa4/0x290\n         entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe cdev is contained in the \"gb_raw\" structure, which is freed in the\ndisconnect operation. When the cdev is released at a later time,\ncdev_put gets an address that points to freed memory.\n\nTo fix this use-after-free, convert the struct device from a pointer to\nbeing embedded, that makes the lifetime of the cdev and of this device\nthe same. Then, use cdev_device_add, which guarantees that the device\nwon't be released until all references to the cdev have been released.\nFinally, delegate the freeing of the structure to the device release\nfunction, instead of freeing immediately in the disconnect callback."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/staging/greybus/raw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e806c7fb8e9bae87fc23958c3789f2c2f96f54a4","lessThan":"ef2d97c15b19b3489de01695bce478601e236c3e","versionType":"git","status":"affected"},{"version":"e806c7fb8e9bae87fc23958c3789f2c2f96f54a4","lessThan":"983cc2c7efbce04ecbf6328448d895044dd6ab31","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/staging/greybus/raw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/983cc2c7efbce04ecbf6328448d895044dd6ab31","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ef2d97c15b19b3489de01695bce478601e236c3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53026","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:13.960","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg\n\nIn nfsd4_add_rdaccess_to_wrdeleg, if fp->fi_fds[O_RDONLY] is already\nset by another thread, __nfs4_file_get_access should not be called\nto increment the nfs4_file access count since that was already done\nby the thread that added READ access to the file. The extra fi_access\ncount in nfs4_file can prevent the corresponding nfsd_file from being\nfreed.\n\nWhen stopping nfs-server service, these extra access counts trigger a\nBUG in kmem_cache_destroy() that shows nfsd_file object remaining on\n__kmem_cache_shutdown.\n\nThis problem can be reproduced by running the Git project's test\nsuite over NFS."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/nfsd/nfs4state.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c07dc84ed67c5a182273171639bacbbb87c12175","lessThan":"4584229395d0d65bd517780afe97ffea07cb2c3d","versionType":"git","status":"affected"},{"version":"8072e34e1387d03102b788677d491e2bcceef6f5","lessThan":"b81572b073441dfd32213e41857676d0dbff4665","versionType":"git","status":"affected"},{"version":"8072e34e1387d03102b788677d491e2bcceef6f5","lessThan":"b48f44f36e6607b2f818560f19deb86b4a9c717b","versionType":"git","status":"affected"},{"version":"6.18.4","lessThan":"6.18.33","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/nfsd/nfs4state.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"references":[{"url":"https://git.kernel.org/stable/c/4584229395d0d65bd517780afe97ffea07cb2c3d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b48f44f36e6607b2f818560f19deb86b4a9c717b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b81572b073441dfd32213e41857676d0dbff4665","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53027","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:14.087","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()\n\nWhen a compressed or sparse attribute has its clusters frame-aligned,\nvcn is rounded down to the frame start using cmask, which can result\nin vcn != vcn0. In this case, vcn and vcn0 may reside in different\nattribute segments.\n\nThe code already handles the case where vcn is in a different segment\nby loading its runs before allocation. However, it fails to load runs\nfor vcn0 when vcn0 resides in a different segment than vcn. This causes\nrun_lookup_entry() to return SPARSE_LCN for vcn0 since its segment was\nnever loaded into the in-memory run list, triggering the WARN_ON(1).\n\nFix this by adding a missing check for vcn0 after the existing vcn\nsegment check. If vcn0 falls outside the current segment range\n[svcn, evcn1), find and load the attribute segment containing vcn0\nbefore performing the run lookup.\n\nThe following scenario triggers the bug:\n  attr_data_get_block_locked()\n    vcn = vcn0 & cmask        <- vcn != vcn0 after frame alignment\n    load runs for vcn segment <- vcn0 segment not loaded!\n    attr_allocate_clusters()  <- allocation succeeds\n    run_lookup_entry(vcn0)    <- vcn0 not in run -> SPARSE_LCN\n    WARN_ON(1)                <- bug fires here!"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ntfs3/attrib.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c380b52f6c5702cc4bdda5e6d456d6c19a201a0b","lessThan":"2b4ae1ce613ade8a7e118fba4a5a77cd23e97e54","versionType":"git","status":"affected"},{"version":"c380b52f6c5702cc4bdda5e6d456d6c19a201a0b","lessThan":"d7ea8495fd307b58f8867acd81a1b40075b1d3ba","versionType":"git","status":"affected"},{"version":"406a037d93b769bca248476bd14bbe548dc1ec35","versionType":"git","status":"affected"},{"version":"6.1.132","lessThan":"6.2","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ntfs3/attrib.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/2b4ae1ce613ade8a7e118fba4a5a77cd23e97e54","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d7ea8495fd307b58f8867acd81a1b40075b1d3ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53028","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:14.200","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: Fix error pointer dereference\n\nThe variable tps->partner is checked for an error pointer and then if it\nis, it sends an error message but does not return and then immediately\ndereferenced a few lines below:\n\ntps->partner = typec_register_partner(tps->port, &desc);\nif (IS_ERR(tps->partner))\n\tdev_warn(tps->dev, \"%s: failed to register partnet\\n\", __func__);\n\nif (desc.identity) {\n\ttypec_partner_set_identity(tps->partner);\n\tcd321x->cur_partner_identity = st.partner_identity;\n}\n\nAdd early return and fix spelling mistake in error message.\n\nDetected by Smatch:\ndrivers/usb/typec/tipd/core.c:827 cd321x_update_work() error:\n'tps->partner' dereferencing possible ERR_PTR()"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/usb/typec/tipd/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"82432bbfb9e83b7e81d04660fe129b99a29b2ac2","lessThan":"19951118fb22b5ad512379ee64510fe0e2c40eb3","versionType":"git","status":"affected"},{"version":"82432bbfb9e83b7e81d04660fe129b99a29b2ac2","lessThan":"9e31082f92c913d74fefb4e60cd0284e605ba3a3","versionType":"git","status":"affected"},{"version":"82432bbfb9e83b7e81d04660fe129b99a29b2ac2","lessThan":"f2529d08fcb429ea01bb87c326342f41483f8b2f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/usb/typec/tipd/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/19951118fb22b5ad512379ee64510fe0e2c40eb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9e31082f92c913d74fefb4e60cd0284e605ba3a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f2529d08fcb429ea01bb87c326342f41483f8b2f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53029","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:14.297","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: prevent uninitialized lcn caused by zero len\n\nsyzbot reported a uninit-value in ntfs_iomap_begin [1].\n\nSince runs was not touched yet, run_lookup_entry() immediately fails\nand returns false, which makes the value of \"*len\" 0.\nSimultaneously, the new value and err value are also 0, causing the\nlogic in attr_data_get_block_locked() to jump directly to ok, ultimately\nresulting in *lcn being triggered before it is set [1].\n\nIn ntfs_iomap_begin(), the check for a 0 value in clen is moved forward\nto before updating lcn to avoid this [1].\n\n[1]\nBUG: KMSAN: uninit-value in ntfs_iomap_begin+0x8c0/0x1460 fs/ntfs3/inode.c:825\n ntfs_iomap_begin+0x8c0/0x1460 fs/ntfs3/inode.c:825\n iomap_iter+0x9b7/0x1540 fs/iomap/iter.c:110\n\nLocal variable lcn created at:\n ntfs_iomap_begin+0x15d/0x1460 fs/ntfs3/inode.c:786"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ntfs3/inode.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"10d7c95af043b45a85dc738c3271bf760ff3577e","lessThan":"485f750cac3d8bdf5552a0e3d79ce5e3a03ece49","versionType":"git","status":"affected"},{"version":"10d7c95af043b45a85dc738c3271bf760ff3577e","lessThan":"e98266e823a1fa06fe6499df61aeaac2fd6f7a49","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ntfs3/inode.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/485f750cac3d8bdf5552a0e3d79ce5e3a03ece49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e98266e823a1fa06fe6499df61aeaac2fd6f7a49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53031","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:14.490","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Validate node_id in arena_alloc_pages()\n\narena_alloc_pages() accepts a plain int node_id and forwards it through\nthe entire allocation chain without any bounds checking.\n\nValidate node_id before passing it down the allocation chain in\narena_alloc_pages()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/arena.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"317460317a02a1af512697e6e964298dedd8a163","lessThan":"31d3b4b28e55835646d6829d60023f730dd34e85","versionType":"git","status":"affected"},{"version":"317460317a02a1af512697e6e964298dedd8a163","lessThan":"e15900888c09480a4c632bc598f1c5bd39bed6d6","versionType":"git","status":"affected"},{"version":"317460317a02a1af512697e6e964298dedd8a163","lessThan":"fb66e20130f95a93ffea1677252526a9e39170b2","versionType":"git","status":"affected"},{"version":"317460317a02a1af512697e6e964298dedd8a163","lessThan":"2845989f2ebaf7848e4eccf9a779daf3156ea0a5","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/arena.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/2845989f2ebaf7848e4eccf9a779daf3156ea0a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/31d3b4b28e55835646d6829d60023f730dd34e85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e15900888c09480a4c632bc598f1c5bd39bed6d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fb66e20130f95a93ffea1677252526a9e39170b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53033","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:14.700","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Take state lock for af_unix iter\n\nWhen a BPF iterator program updates a sockmap, there is a race condition in\nunix_stream_bpf_update_proto() where the `peer` pointer can become stale[1]\nduring a state transition TCP_ESTABLISHED -> TCP_CLOSE.\n\n        CPU0 bpf                          CPU1 close\n        --------                          ----------\n// unix_stream_bpf_update_proto()\nsk_pair = unix_peer(sk)\nif (unlikely(!sk_pair))\n   return -EINVAL;\n                                     // unix_release_sock()\n                                     skpair = unix_peer(sk);\n                                     unix_peer(sk) = NULL;\n                                     sock_put(skpair)\nsock_hold(sk_pair) // UaF\n\nMore practically, this fix guarantees that the iterator program is\nconsistently provided with a unix socket that remains stable during\niterator execution.\n\n[1]:\nBUG: KASAN: slab-use-after-free in unix_stream_bpf_update_proto+0x155/0x490\nWrite of size 4 at addr ffff8881178c9a00 by task test_progs/2231\nCall Trace:\n dump_stack_lvl+0x5d/0x80\n print_report+0x170/0x4f3\n kasan_report+0xe4/0x1c0\n kasan_check_range+0x125/0x200\n unix_stream_bpf_update_proto+0x155/0x490\n sock_map_link+0x71c/0xec0\n sock_map_update_common+0xbc/0x600\n sock_map_update_elem+0x19a/0x1f0\n bpf_prog_bbbf56096cdd4f01_selective_dump_unix+0x20c/0x217\n bpf_iter_run_prog+0x21e/0xae0\n bpf_iter_unix_seq_show+0x1e0/0x2a0\n bpf_seq_read+0x42c/0x10d0\n vfs_read+0x171/0xb20\n ksys_read+0xff/0x200\n do_syscall_64+0xf7/0x5e0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2236:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x63/0x80\n kmem_cache_alloc_noprof+0x1d5/0x680\n sk_prot_alloc+0x59/0x210\n sk_alloc+0x34/0x470\n unix_create1+0x86/0x8a0\n unix_stream_connect+0x318/0x15b0\n __sys_connect+0xfd/0x130\n __x64_sys_connect+0x72/0xd0\n do_syscall_64+0xf7/0x5e0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2236:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n __kasan_slab_free+0x47/0x70\n kmem_cache_free+0x11c/0x590\n __sk_destruct+0x432/0x6e0\n unix_release_sock+0x9b3/0xf60\n unix_release+0x8a/0xf0\n __sock_release+0xb0/0x270\n sock_close+0x18/0x20\n __fput+0x36e/0xac0\n fput_close_sync+0xe5/0x1a0\n __x64_sys_close+0x7d/0xd0\n do_syscall_64+0xf7/0x5e0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/unix/af_unix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"c6f4015eac2e3cbc3cb7a17539e10bbb5c2049c3","versionType":"git","status":"affected"},{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"d0d124dbcef9318e326956137b31671407094bd4","versionType":"git","status":"affected"},{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"1a59cc6b65fd3ad9915aae5970d859109d4ce9fb","versionType":"git","status":"affected"},{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"921920c34cb591947dd30c692500795a69f1e3fa","versionType":"git","status":"affected"},{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"98f744d204e5d6fca589cd2c44c3190a0c71697f","versionType":"git","status":"affected"},{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"64c2f93fc3254d3bf5de4445fb732ee5c451edb6","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/unix/af_unix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}]},"weaknesses":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"references":[{"url":"https://git.kernel.org/stable/c/1a59cc6b65fd3ad9915aae5970d859109d4ce9fb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/64c2f93fc3254d3bf5de4445fb732ee5c451edb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/921920c34cb591947dd30c692500795a69f1e3fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/98f744d204e5d6fca589cd2c44c3190a0c71697f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c6f4015eac2e3cbc3cb7a17539e10bbb5c2049c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d0d124dbcef9318e326956137b31671407094bd4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://access.redhat.com/security/cve/CVE-2026-53033","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492281","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53033.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-53034","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:14.843","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix af_unix null-ptr-deref in proto update\n\nunix_stream_connect() sets sk_state (`WRITE_ONCE(sk->sk_state,\nTCP_ESTABLISHED)`) _before_ it assigns a peer (`unix_peer(sk) = newsk`).\nsk_state == TCP_ESTABLISHED makes sock_map_sk_state_allowed() believe that\nsocket is properly set up, which would include having a defined peer. IOW,\nthere's a window when unix_stream_bpf_update_proto() can be called on\nsocket which still has unix_peer(sk) == NULL.\n\n         CPU0 bpf                            CPU1 connect\n         --------                            ------------\n\n                                WRITE_ONCE(sk->sk_state, TCP_ESTABLISHED)\nsock_map_sk_state_allowed(sk)\n...\nsk_pair = unix_peer(sk)\nsock_hold(sk_pair)\n                                sock_hold(newsk)\n                                smp_mb__after_atomic()\n                                unix_peer(sk) = newsk\n\nBUG: kernel NULL pointer dereference, address: 0000000000000080\nRIP: 0010:unix_stream_bpf_update_proto+0xa0/0x1b0\nCall Trace:\n  sock_map_link+0x564/0x8b0\n  sock_map_update_common+0x6e/0x340\n  sock_map_update_elem_sys+0x17d/0x240\n  __sys_bpf+0x26db/0x3250\n  __x64_sys_bpf+0x21/0x30\n  do_syscall_64+0x6b/0x3a0\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nInitial idea was to move peer assignment _before_ the sk_state update[1],\nbut that involved an additional memory barrier, and changing the hot path\nwas rejected.\nThen a NULL check during proto update in unix_stream_bpf_update_proto() was\nconsidered[2], but the follow-up discussion[3] focused on the root cause,\ni.e. sockmap update taking a wrong lock. Or, more specifically, missing\nunix_state_lock()[4].\nIn the end it was concluded that teaching sockmap about the af_unix locking\nwould be unnecessarily complex[5].\nComplexity aside, since BPF_PROG_TYPE_SCHED_CLS and BPF_PROG_TYPE_SCHED_ACT\nare allowed to update sockmaps, sock_map_update_elem() taking the unix\nlock, as it is currently implemented in unix_state_lock():\nspin_lock(&unix_sk(s)->lock), would be problematic. unix_state_lock() taken\nin a process context, followed by a softirq-context TC BPF program\nattempting to take the same spinlock -- deadlock[6].\nThis way we circled back to the peer check idea[2].\n\n[1]: https://lore.kernel.org/netdev/ba5c50aa-1df4-40c2-ab33-a72022c5a32e@rbox.co/\n[2]: https://lore.kernel.org/netdev/20240610174906.32921-1-kuniyu@amazon.com/\n[3]: https://lore.kernel.org/netdev/7603c0e6-cd5b-452b-b710-73b64bd9de26@linux.dev/\n[4]: https://lore.kernel.org/netdev/CAAVpQUA+8GL_j63CaKb8hbxoL21izD58yr1NvhOhU=j+35+3og@mail.gmail.com/\n[5]: https://lore.kernel.org/bpf/CAAVpQUAHijOMext28Gi10dSLuMzGYh+jK61Ujn+fZ-wvcODR2A@mail.gmail.com/\n[6]: https://lore.kernel.org/bpf/dd043c69-4d03-46fe-8325-8f97101435cf@linux.dev/\n\nSummary of scenarios where af_unix/stream connect() may race a sockmap\nupdate:\n\n1. connect() vs. bpf(BPF_MAP_UPDATE_ELEM), i.e. sock_map_update_elem_sys()\n\n   Implemented NULL check is sufficient. Once assigned, socket peer won't\n   be released until socket fd is released. And that's not an issue because\n   sock_map_update_elem_sys() bumps fd refcnf.\n\n2. connect() vs BPF program doing update\n\n   Update restricted per verifier.c:may_update_sockmap() to\n\n      BPF_PROG_TYPE_TRACING/BPF_TRACE_ITER\n      BPF_PROG_TYPE_SOCK_OPS (bpf_sock_map_update() only)\n      BPF_PROG_TYPE_SOCKET_FILTER\n      BPF_PROG_TYPE_SCHED_CLS\n      BPF_PROG_TYPE_SCHED_ACT\n      BPF_PROG_TYPE_XDP\n      BPF_PROG_TYPE_SK_REUSEPORT\n      BPF_PROG_TYPE_FLOW_DISSECTOR\n      BPF_PROG_TYPE_SK_LOOKUP\n\n   Plus one more race to consider:\n\n            CPU0 bpf                            CPU1 connect\n            --------                            ------------\n\n                                   WRITE_ONCE(sk->sk_state, TCP_ESTABLISHED)\n   sock_map_sk_state_allowed(sk)\n                                   sock_hold(newsk)\n                                   smp_mb__after_atomic()\n                \n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/unix/unix_bpf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c63829182c37c2d6d0608976d15fa61ebebe9e6b","lessThan":"75b7d3b3f8bd4e59eb3af1b11a43c64c0c2db6f4","versionType":"git","status":"affected"},{"version":"c63829182c37c2d6d0608976d15fa61ebebe9e6b","lessThan":"a94d3dd78ee8b63e6b8ad629081c952c93ee5a10","versionType":"git","status":"affected"},{"version":"c63829182c37c2d6d0608976d15fa61ebebe9e6b","lessThan":"4913c94a3adcdbb64c552110c0c243cb1fdbb317","versionType":"git","status":"affected"},{"version":"c63829182c37c2d6d0608976d15fa61ebebe9e6b","lessThan":"041eb6348d73ee5e15fc8161f1eac5a6e8289ca0","versionType":"git","status":"affected"},{"version":"c63829182c37c2d6d0608976d15fa61ebebe9e6b","lessThan":"37bfcd164161b47d00b1c3bd20adc816a6977ce0","versionType":"git","status":"affected"},{"version":"c63829182c37c2d6d0608976d15fa61ebebe9e6b","lessThan":"dca38b7734d2ea00af4818ff3ae836fab33d5d5a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/unix/unix_bpf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/041eb6348d73ee5e15fc8161f1eac5a6e8289ca0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/37bfcd164161b47d00b1c3bd20adc816a6977ce0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4913c94a3adcdbb64c552110c0c243cb1fdbb317","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/75b7d3b3f8bd4e59eb3af1b11a43c64c0c2db6f4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a94d3dd78ee8b63e6b8ad629081c952c93ee5a10","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dca38b7734d2ea00af4818ff3ae836fab33d5d5a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53035","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:14.990","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix af_unix iter deadlock\n\nbpf_iter_unix_seq_show() may deadlock when lock_sock_fast() takes the fast\npath and the iter prog attempts to update a sockmap. Which ends up spinning\nat sock_map_update_elem()'s bh_lock_sock():\n\nWARNING: possible recursive locking detected\ntest_progs/1393 is trying to acquire lock:\nffff88811ec25f58 (slock-AF_UNIX){+...}-{3:3}, at: sock_map_update_elem+0xdb/0x1f0\n\nbut task is already holding lock:\nffff88811ec25f58 (slock-AF_UNIX){+...}-{3:3}, at: __lock_sock_fast+0x37/0xe0\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n       CPU0\n       ----\n  lock(slock-AF_UNIX);\n  lock(slock-AF_UNIX);\n\n *** DEADLOCK ***\n\n May be due to missing lock nesting notation\n\n4 locks held by test_progs/1393:\n #0: ffff88814b59c790 (&p->lock){+.+.}-{4:4}, at: bpf_seq_read+0x59/0x10d0\n #1: ffff88811ec25fd8 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: bpf_seq_read+0x42c/0x10d0\n #2: ffff88811ec25f58 (slock-AF_UNIX){+...}-{3:3}, at: __lock_sock_fast+0x37/0xe0\n #3: ffffffff85a6a7c0 (rcu_read_lock){....}-{1:3}, at: bpf_iter_run_prog+0x51d/0xb00\n\nCall Trace:\n dump_stack_lvl+0x5d/0x80\n print_deadlock_bug.cold+0xc0/0xce\n __lock_acquire+0x130f/0x2590\n lock_acquire+0x14e/0x2b0\n _raw_spin_lock+0x30/0x40\n sock_map_update_elem+0xdb/0x1f0\n bpf_prog_2d0075e5d9b721cd_dump_unix+0x55/0x4f4\n bpf_iter_run_prog+0x5b9/0xb00\n bpf_iter_unix_seq_show+0x1f7/0x2e0\n bpf_seq_read+0x42c/0x10d0\n vfs_read+0x171/0xb20\n ksys_read+0xff/0x200\n do_syscall_64+0x6b/0x3a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/unix/af_unix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"bd3592129f24243713673a07225cf1f15a9bb835","versionType":"git","status":"affected"},{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"3cef33b9813b78f227942572fb317afcd5c9ac94","versionType":"git","status":"affected"},{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"87828b380956d4986f59f2c086e0b09b3e6cdaae","versionType":"git","status":"affected"},{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"527057ebe8076dfbcaef51195ff1b7508646be2c","versionType":"git","status":"affected"},{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"66d9fab4565eafe1afe7ba0581f79b76073b60fa","versionType":"git","status":"affected"},{"version":"2c860a43dd77f969bb959336a2f743d7103a8f63","lessThan":"4d328dd695383224aa750ddee6b4ad40c0f8d205","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/unix/af_unix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/3cef33b9813b78f227942572fb317afcd5c9ac94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4d328dd695383224aa750ddee6b4ad40c0f8d205","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/527057ebe8076dfbcaef51195ff1b7508646be2c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/66d9fab4565eafe1afe7ba0581f79b76073b60fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/87828b380956d4986f59f2c086e0b09b3e6cdaae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bd3592129f24243713673a07225cf1f15a9bb835","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53036","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:15.137","lastModified":"2026-07-10T19:24:19.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix off-by-one in check_imm signed range check\n\ncheck_imm(bits, imm) is used in the arm64 BPF JIT to verify that\na branch displacement (in arm64 instruction units) fits into the\nsigned N-bit immediate field of a B, B.cond or CBZ/CBNZ encoding\nbefore it is handed to the encoder. The macro currently tests for\n(imm > 0 && imm >> bits) || (imm < 0 && ~imm >> bits) which admits\nvalues in [-2^N, 2^N) — effectively a signed (N+1)-bit range. A\nsigned N-bit field only holds [-2^(N-1), 2^(N-1)), so the check\nadmits one extra bit of range on each side.\n\nIn particular, for check_imm19(), values in [2^18, 2^19) slip past\nthe check but do not fit into the 19-bit signed imm19 field of\nB.cond. aarch64_insn_encode_immediate() then masks the raw value\ninto the 19-bit field, setting bit 18 (the sign bit) and flipping\na forward branch into a backward one. Same class of issue exists\nfor check_imm26() and the B/BL encoding. Shift by (bits - 1)\ninstead of bits so the actual signed N-bit range is enforced."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/arm64/net/bpf_jit_comp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e54bcde3d69d40023ae77727213d14f920eb264a","lessThan":"a5dfeb3b61065039488342d43ae06d4729d955d4","versionType":"git","status":"affected"},{"version":"e54bcde3d69d40023ae77727213d14f920eb264a","lessThan":"7fd3b41260c6120e7b60164afea5d961af6224f9","versionType":"git","status":"affected"},{"version":"e54bcde3d69d40023ae77727213d14f920eb264a","lessThan":"6927f0d6794aa73318bbfa929f1ff6065b0620df","versionType":"git","status":"affected"},{"version":"e54bcde3d69d40023ae77727213d14f920eb264a","lessThan":"1a113b5497297871699cd498b1b83542e0db7f15","versionType":"git","status":"affected"},{"version":"e54bcde3d69d40023ae77727213d14f920eb264a","lessThan":"fb74defa1cca1a73177c0c761e641332e4f979a3","versionType":"git","status":"affected"},{"version":"e54bcde3d69d40023ae77727213d14f920eb264a","lessThan":"1dd8be4ec722ce54e4cace59f3a4ba658111b3ec","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/arm64/net/bpf_jit_comp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.18","status":"affected"},{"version":"0","lessThan":"3.18","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"references":[{"url":"https://git.kernel.org/stable/c/1a113b5497297871699cd498b1b83542e0db7f15","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1dd8be4ec722ce54e4cace59f3a4ba658111b3ec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6927f0d6794aa73318bbfa929f1ff6065b0620df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7fd3b41260c6120e7b60164afea5d961af6224f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a5dfeb3b61065039488342d43ae06d4729d955d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fb74defa1cca1a73177c0c761e641332e4f979a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-57589","sourceIdentifier":"cve@mitre.org","published":"2026-06-25T01:16:26.537","lastModified":"2026-07-10T16:39:52.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget()."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenBSD","product":"OpenBSD","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-57589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*","versionEndIncluding":"7.9","matchCriteriaId":"2A4C65E8-9C59-4F6F-A5E1-74401542604D"}]}]}],"references":[{"url":"https://github.com/openbsd/src/commit/1957873d2063db11dab780eca75b5e629d1e838d","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://openai.com/index/patch-the-planet/","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-24815","sourceIdentifier":"b48c3b8f-639e-4c16-8725-497bc411dad0","published":"2026-06-30T10:16:32.473","lastModified":"2026-07-10T17:07:58.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system."}],"affected":[{"source":"b48c3b8f-639e-4c16-8725-497bc411dad0","affectedData":[{"vendor":"Nokia","product":"MantaRay NM","versions":[{"version":"<25R2-NM","status":"affected"},{"version":"≥25R2-NM","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:28:43.371983Z","id":"CVE-2025-24815","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*","versionEndExcluding":"25R2-NM","matchCriteriaId":"8B6443BC-E253-42E1-83CD-E681CBE3F6BE"}]}]}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24815/","source":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-24816","sourceIdentifier":"b48c3b8f-639e-4c16-8725-497bc411dad0","published":"2026-06-30T10:16:33.617","lastModified":"2026-07-10T17:08:40.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges."}],"affected":[{"source":"b48c3b8f-639e-4c16-8725-497bc411dad0","affectedData":[{"vendor":"Nokia","product":"MantaRay NM","versions":[{"version":"<25R2-NM","status":"affected"},{"version":"≥25R2-NM","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:30:08.532062Z","id":"CVE-2025-24816","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*","versionEndExcluding":"25R2-NM","matchCriteriaId":"8B6443BC-E253-42E1-83CD-E681CBE3F6BE"}]}]}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24816/","source":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-7406","sourceIdentifier":"b48c3b8f-639e-4c16-8725-497bc411dad0","published":"2026-06-30T10:16:33.720","lastModified":"2026-07-10T17:17:29.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts."}],"affected":[{"source":"b48c3b8f-639e-4c16-8725-497bc411dad0","affectedData":[{"vendor":"Nokia","product":"MantaRay NM","versions":[{"version":"<NM 25R1-NM","status":"affected"},{"version":"≥NM 25R1-NM","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:31:19.958711Z","id":"CVE-2025-7406","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*","versionEndExcluding":"25R2-NM","matchCriteriaId":"8B6443BC-E253-42E1-83CD-E681CBE3F6BE"}]}]}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-7406/","source":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14534","sourceIdentifier":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","published":"2026-07-04T14:16:28.400","lastModified":"2026-07-10T15:10:15.827","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE with zero findings for pickle payloads that invoke dangerous functions including _posixsubprocess.fork_exec (C-level process spawner capable of executing arbitrary binaries), site.execsitecustomize (executes arbitrary site customization code), and atexit._run_exitfuncs (triggers all registered exit handler callbacks). The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate; a LIKELY_SAFE verdict causes the payload to be deserialized and executed. This shares the same root cause as CVE-2026-22607 (cProfile), CVE-2025-67748 (pty), and CVE-2025-67747 (marshal/types). OvertlyBadEvals does not flag these modules because they are standard library imports. UnsafeImports does not flag them because they are not in the denylist. The UnusedVariables heuristic is defeated by the SETITEMS opcode pattern."}],"affected":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","affectedData":[{"vendor":"trailofbits","product":"fickling","defaultStatus":"unaffected","collectionURL":"https://pypi.org/project/fickling/","packageName":"fickling","versions":[{"version":"0","lessThanOrEqual":"0.1.10","versionType":"custom","status":"affected"},{"version":"0.1.11","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T14:59:25.631510Z","id":"CVE-2026-14534","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","type":"Secondary","description":[{"lang":"en","value":"CWE-184"},{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trailofbits:fickling:*:*:*:*:*:python:*:*","versionEndIncluding":"0.1.10","matchCriteriaId":"7D2B4444-58DC-4227-BBD7-D68FB61FA761"}]}]}],"references":[{"url":"https://github.com/trailofbits/fickling/commit/e8408615b63adf034f891f653692ab9b51f0f5af","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Patch"]},{"url":"https://github.com/trailofbits/fickling/pull/272","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/trailofbits/fickling/releases/tag/v0.1.11","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Release Notes"]},{"url":"https://github.com/trailofbits/fickling/security/advisories/GHSA-m6fh-58r7-x697","source":"aa17e1a1-c329-4d6e-a1ed-8d0188aea082","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/trailofbits/fickling/security/advisories/GHSA-m6fh-58r7-x697","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58380","sourceIdentifier":"secalert@redhat.com","published":"2026-07-06T15:16:40.020","lastModified":"2026-07-10T17:26:18.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8/gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:41:04.583701Z","id":"CVE-2026-58380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"6F076B19-3582-4EC8-9625-D2E716652890"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-58380","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496135","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/83699817","source":"secalert@redhat.com","tags":["Broken Link"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/16206","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59089","sourceIdentifier":"secalert@redhat.com","published":"2026-07-06T20:16:38.433","lastModified":"2026-07-10T16:09:55.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:48:49.016983Z","id":"CVE-2026-59089","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.6:*:*:*:*:*:*:*","matchCriteriaId":"1120719E-8A10-4680-816A-7971F135460B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-59089","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496583","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58384","sourceIdentifier":"secalert@redhat.com","published":"2026-07-07T09:16:30.003","lastModified":"2026-07-10T15:21:56.313","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8/gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:30:05.659315Z","id":"CVE-2026-58384","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"6F076B19-3582-4EC8-9625-D2E716652890"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-58384","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2497431","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/da29e217","source":"secalert@redhat.com","tags":["Broken Link"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/16216","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59709","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T15:16:49.430","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove tags on victim holdings, corrupting portfolio categorization and reports."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Ghostfolio","product":"Ghostfolio","defaultStatus":"unaffected","packageURL":"pkg:npm/ghostfolio","versions":[{"version":"0","lessThanOrEqual":"3.6.0","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:49:02.251483Z","id":"CVE-2026-59709","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/ghostfolio/ghostfolio","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ghostfolio/ghostfolio/commit/697ef59e3b58bebc5c21a9e482e4f5643390f316","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ghostfolio/ghostfolio/issues/7196","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/ghostfolio-unauthorized-portfolio-holding-tag-modification-via-missing-permission-check","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ghostfolio/ghostfolio/issues/7196","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-57851","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T17:16:36.880","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privileges. Attackers can exploit the accessible device object through IOCTL handlers to manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Micro-Star International (MSI)","product":"KernCoreLib64.sys","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.0.2605.1301","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T17:00:44.711176Z","id":"CVE-2026-57851","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-782"}]}],"references":[{"url":"https://github.com/readmsr/MSI_FeatureManager_CVE","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/msi-gamegaraj-kerncorelib64-sys-privilege-escalation-via-ioctl-handlers","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59708","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T19:16:55.130","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings, quantities, buy prices, and performance metrics without authentication."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ghostfolio","product":"ghostfolio","defaultStatus":"unaffected","packageURL":"pkg:npm/ghostfolio","versions":[{"version":"0","lessThanOrEqual":"3.6.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:43:37.879668Z","id":"CVE-2026-59708","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/ghostfolio/ghostfolio","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ghostfolio/ghostfolio/commit/697ef59e3b58bebc5c21a9e482e4f5643390f316","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ghostfolio/ghostfolio/issues/7197","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/ghostfolio-unauthorized-portfolio-data-exposure-via-public-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59800","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T19:16:55.260","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint (this route is not covered by the dashboard middleware matcher, so no authorization check is applied). The sudoPassword field from the request body is written to the stdin of a 'sudo -S sh' child process. When sudo does not prompt for a password (the process runs as root, NOPASSWD is configured, or a recent sudo timestamp cache exists), the sudoPassword value is interpreted by sh as a shell command, allowing a remote unauthenticated attacker to execute arbitrary OS commands. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-07-04 (UTC)."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"decolua","product":"9router","defaultStatus":"unaffected","repo":"https://github.com/decolua/9router","packageURL":"pkg:npm/9router","versions":[{"version":"0","lessThan":"0.4.44","versionType":"semver","status":"affected"},{"version":"0.4.44","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T19:07:58.646180Z","id":"CVE-2026-59800","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/decolua/9router/security/advisories/GHSA-g6g7-pvmx-m74p","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/9router-os-command-injection-via-sudopassword-parameter-in-tailscale-install-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-g6g7-pvmx-m74p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49471","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:25.833","lastModified":"2026-07-10T19:03:20.407","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach this API from any browser and write arbitrary content to the agent's persistent memory store, which the agent reads and acts on autonomously. Combined with execute_shell_command using shell=True, this creates a remote code execution chain requiring only that the victim visit a malicious webpage while Serena is running. This issue is fixed in version v1.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"oraios","product":"serena","versions":[{"version":"< 1.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T03:55:45.625085Z","id":"CVE-2026-49471","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/oraios/serena/commit/016ccbe1c095a3eed7967737ac1d4df2754f5d96","source":"security-advisories@github.com"},{"url":"https://github.com/oraios/serena/releases/tag/v1.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/oraios/serena/security/advisories/GHSA-37h2-6p4f-mp3q","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53511","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:26.380","lastModified":"2026-07-10T18:59:59.160","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:user_metadata that is passed unsanitized to exec() in the template formatter. This issue is fixed in version 9.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"kovidgoyal","product":"calibre","versions":[{"version":"< 9.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-53511","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/kovidgoyal/calibre/commit/712f4e1ff5c1e798c335bef3bacc4efdee052e9c","source":"security-advisories@github.com"},{"url":"https://github.com/kovidgoyal/calibre/releases/tag/v9.10.0","source":"security-advisories@github.com"},{"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-2j4m-2q7x-2c47","source":"security-advisories@github.com"},{"url":"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-2j4m-2q7x-2c47","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53935","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.000","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespace and bypassing namespace scoping enforced by serviceMatcher; deleting such a policy can also corrupt Cilium internal service state and stop service translation for the affected Service. This issue is fixed in versions 1.17.16, 1.18.10, and 1.19.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cilium","product":"cilium","versions":[{"version":"< 1.17.16","status":"affected"},{"version":">= 1.18.2, < 1.18.10","status":"affected"},{"version":">= 1.19.0, < 1.19.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.7,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:17:50.409065Z","id":"CVE-2026-53935","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/cilium/cilium/commit/81d446395673dc2c684c047c12715caffac1a351","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/commit/92ca32eda85aa0c7611c28221cc26fa08be17ebc","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/commit/fe7eb53c7aac9fa7ec610b1975d73fbbb198c66d","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/pull/45412","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/pull/45584","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/pull/45585","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/cilium/security/advisories/GHSA-q6h5-q3q6-f87x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55417","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.160","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route (`/username`) correctly returns 404. However, the `/json` AJAX listing endpoint does not apply the same check. An unauthenticated caller who knows the target's user ID can retrieve all of that user's publicly-scoped images, revealing the username (which should be private). This is patched in Chevereto v4.5.4. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"chevereto","product":"chevereto","versions":[{"version":">= 3.7.5, < 4.5.4","status":"affected"}]},{"vendor":"chevereto","product":"chevereto/chevereto","versions":[{"version":">= 4.0.5, < 4.5.4","status":"affected"}]},{"vendor":"chevereto","product":"rodber/chevereto-free","versions":[{"version":">= 1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:11:14.626911Z","id":"CVE-2026-55417","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://chevereto.com/community/threads/chevereto-v4-5-4-announcement.16398/post-80153","source":"security-advisories@github.com"},{"url":"https://github.com/chevereto/chevereto/security/advisories/GHSA-h4jp-mxfx-g8xp","source":"security-advisories@github.com"},{"url":"https://github.com/chevereto/chevereto/security/advisories/GHSA-h4jp-mxfx-g8xp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59707","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T21:17:29.340","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper validation, enabling attackers to force the server to issue HTTP GET requests to private and loopback ranges with partial response content leaked through error messages."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"LocalAI","product":"LocalAI","defaultStatus":"unaffected","packageURL":"pkg:golang/github.com/mudler/LocalAI","versions":[{"version":"0","lessThanOrEqual":"v4.3.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:47:31.794452Z","id":"CVE-2026-59707","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/mudler/LocalAI","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mudler/LocalAI/commit/f9b968e19d7cbc556d59dceb2e0e450b828a3fda","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mudler/LocalAI/issues/10665","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/localai-server-side-request-forgery-via-post-models-apply","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mudler/LocalAI/issues/10665","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-28378","sourceIdentifier":"security@grafana.com","published":"2026-07-07T22:16:50.607","lastModified":"2026-07-10T16:05:56.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana Enterprise","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.13","versionType":"semver","status":"affected"},{"version":"12.1.0","lessThanOrEqual":"12.1.9","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.7","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.5","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.1","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"Grafana OSS","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThanOrEqual":"11.6.13","versionType":"semver","status":"affected"},{"version":"12.1.0","lessThanOrEqual":"12.1.9","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThanOrEqual":"12.2.7","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThanOrEqual":"12.3.5","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThanOrEqual":"12.4.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:50:28.034051Z","id":"CVE-2026-28378","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"11.6.0","versionEndIncluding":"11.6.13","matchCriteriaId":"9D59F356-7EE6-4323-B32B-6AA9895E4DF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"11.6.0","versionEndIncluding":"11.6.13","matchCriteriaId":"819B8356-78D3-481E-90E0-E06904E3597F"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.9","matchCriteriaId":"BBDE0CB0-B614-4E8C-BCCE-1F355A2FE0E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.9","matchCriteriaId":"10C4CCFE-8186-4F2F-91E3-A7B678FC8B66"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.2.0","versionEndIncluding":"12.2.7","matchCriteriaId":"4A56F8B6-4BFF-4DBB-B645-2FF0BEDCA1FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.2.0","versionEndIncluding":"12.2.7","matchCriteriaId":"C8C2D5FB-AC31-4886-B455-009659BE58DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:-:*:*:*","versionStartIncluding":"12.3.0","versionEndIncluding":"12.3.5","matchCriteriaId":"CC445C84-CC5B-4723-86A6-88E966EBCDAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.3.0","versionEndIncluding":"12.3.5","matchCriteriaId":"CC523DB0-CC71-43F3-A842-5582CD1B3D90"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.0:*:*:*:-:*:*:*","matchCriteriaId":"BBF9171C-F062-4FA4-8513-2D540FA072C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.4.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"34DE1833-C0AD-48FD-AD0A-E58121F62683"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-28378","source":"security@grafana.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-54698","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.500","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Hasura is an open-source product that provides users GraphQL or REST APIs. Prior to 2.49.2 and 2.45.5, a user can use a where clause on a table computed field (returning SETOF some_table) to infer row values that ought to be filtered for their role based on some_table's row-level permissions. While such rows cannot be returned directly, like predicates on strings for instance allow values to be brute forced efficiently with the where clause as an oracle. This issue is fixed in versions 2.49.2 and 2.45.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hasura","product":"graphql-engine","versions":[{"version":">= 2.46.0, < 2.49.2","status":"affected"},{"version":">= 2.45.0, < 2.45.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:01:48.684963Z","id":"CVE-2026-54698","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/hasura/graphql-engine/security/advisories/GHSA-r27x-gc74-qmxh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55490","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:54.060","lastModified":"2026-07-10T17:37:00.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows before a bounds check and is then passed to memcpy as a very large size. This issue is fixed v25.12.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openwrt","product":"openwrt","versions":[{"version":"< 25.12.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:51:49.570163Z","id":"CVE-2026-55490","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*","versionEndExcluding":"25.12.5","matchCriteriaId":"93C72B3E-525F-44C1-833C-88A85A6BB586"}]}]}],"references":[{"url":"https://github.com/openwrt/openwrt/commit/63c0767f3d02f7b10b0f0b5293366bd059a08ca5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openwrt/openwrt/releases/tag/v25.12.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/openwrt/openwrt/security/advisories/GHSA-9558-77jp-g3fw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-37270","sourceIdentifier":"cve@mitre.org","published":"2026-07-07T23:16:54.657","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:37:25.807560Z","id":"CVE-2026-37270","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/EmbdCDACHyd/CVE/blob/main/CVE-2026-37270/CVE-2026-37270.pdf","source":"cve@mitre.org"},{"url":"https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2026-37270","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-37271","sourceIdentifier":"cve@mitre.org","published":"2026-07-07T23:16:54.773","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearby device to trigger functionality on the smartwatch."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:02:39.429702Z","id":"CVE-2026-37271","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/EmbdCDACHyd/CVE/blob/main/CVE-2026-37271/CVE-2026-37271.pdf","source":"cve@mitre.org"},{"url":"https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2026-37271","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-50810","sourceIdentifier":"cve@mitre.org","published":"2026-07-07T23:16:54.887","lastModified":"2026-07-10T18:50:20.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:32:19.412137Z","id":"CVE-2026-50810","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://gist.github.com/junius-sec/0c67bf67a268ff8861100bfc132e801c","source":"cve@mitre.org"},{"url":"https://github.com/gpac/gpac/commit/b35c61f104b85fbb16520ac2838d5d2ef70845b5","source":"cve@mitre.org"},{"url":"https://github.com/gpac/gpac/issues/3507","source":"cve@mitre.org"},{"url":"https://github.com/gpac/gpac/issues/3507","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59704","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T23:16:55.850","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap","product":"Cap","defaultStatus":"unaffected","packageURL":"pkg:npm/cap","versions":[{"version":"0","lessThanOrEqual":"8d48642","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:02:07.868302Z","id":"CVE-2026-59704","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/CapSoftware/Cap","source":"disclosure@vulncheck.com"},{"url":"https://github.com/CapSoftware/Cap/commit/8d48642b6e7938af238386383ef1c273be4110dd","source":"disclosure@vulncheck.com"},{"url":"https://github.com/CapSoftware/Cap/issues/1981","source":"disclosure@vulncheck.com"},{"url":"https://github.com/CapSoftware/Cap/pull/1926","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-missing-access-control-in-video-ai-metadata-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/CapSoftware/Cap/issues/1981","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56843","sourceIdentifier":"support@hackerone.com","published":"2026-07-08T01:16:28.277","lastModified":"2026-07-10T18:57:22.440","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This results in cross-tenant disclosure of other tenants' FTP credentials stored in cleartext, which can be leveraged to execute code as another tenant's system user."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Webpros","product":"Plesk","defaultStatus":"unaffected","versions":[{"version":"10.4","lessThan":"18.0.78.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:04:03.813528Z","id":"CVE-2026-56843","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://support.plesk.com/hc/en-us/articles/41178305151255-Vulnerability-in-Plesk-XML-API-Cleartext-FTP-Password-Exposure","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-14454","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-08T13:16:30.053","lastModified":"2026-07-10T15:31:22.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed.\n\nImager mishandled large EXIF IFD entry count values, treating them as negative numbers.  This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process.\n\nAn attacker could craft an image with EXIF data that terminates a worker process."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"TONYC","product":"Imager","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Imager","programFiles":["imexif.c"],"programRoutines":[{"name":"tiff_load_ifd"}],"repo":"https://github.com/tonycoz/imager","versions":[{"version":"0","lessThan":"1.033","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:50:57.514385Z","id":"CVE-2026-14454","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-196"},{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tonycoz:imager:*:*:*:*:*:perl:*:*","versionEndExcluding":"1.033","matchCriteriaId":"7A93C7AC-6CF1-4A7F-A3CC-F4EA72208710"}]}]}],"references":[{"url":"https://github.com/tonycoz/imager/commit/06f01a5d0fd591259aeba589370d6888384a6b6d.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://metacpan.org/release/TONYC/Imager-1.033/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-15053","sourceIdentifier":"3938794e-25f5-4123-a1ba-5cbd7f104512","published":"2026-07-08T14:16:56.930","lastModified":"2026-07-10T19:00:47.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Tanium addressed a denial of service vulnerability in Tanium Server."}],"affected":[{"source":"3938794e-25f5-4123-a1ba-5cbd7f104512","affectedData":[{"vendor":"Tanium","product":"Tanium Server","versions":[{"version":"7.7.3.8298","lessThan":"7.7.3.8298","versionType":"custom","status":"affected"},{"version":"7.8.2.1198","lessThan":"7.8.2.1198","versionType":"custom","status":"affected"},{"version":"7.8.4.1327","lessThan":"7.8.4.1327","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"3938794e-25f5-4123-a1ba-5cbd7f104512","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:27:30.302303Z","id":"CVE-2026-15053","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3938794e-25f5-4123-a1ba-5cbd7f104512","type":"Secondary","description":[{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tanium:server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.3.0","versionEndExcluding":"7.7.3.8298","matchCriteriaId":"1705F1B3-865D-48ED-97DD-0CB058884D42"},{"vulnerable":true,"criteria":"cpe:2.3:a:tanium:server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.8.2.0","versionEndExcluding":"7.8.2.1198","matchCriteriaId":"67604599-4DCB-45C7-BBC7-A0E28B689D23"},{"vulnerable":true,"criteria":"cpe:2.3:a:tanium:server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.8.4.0","versionEndExcluding":"7.8.4.1327","matchCriteriaId":"70EA5691-3695-4F52-BFB6-EC6D99E62325"}]}]}],"references":[{"url":"https://security.tanium.com/TAN-2026-016","source":"3938794e-25f5-4123-a1ba-5cbd7f104512","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-22927","sourceIdentifier":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","published":"2026-07-08T14:16:57.060","lastModified":"2026-07-10T15:27:32.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Omnissa Workspace ONE® Tunnel for Windows addresses a   Local Privilege Escalation Vulnerability."}],"affected":[{"source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","affectedData":[{"vendor":"Omnissa","product":"Omnissa Workspace ONE® Tunnel for Windows","defaultStatus":"unaffected","versions":[{"version":"Omnissa Workspace ONE® Tunnel for Windows prior to 26.03","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-22927","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:omnissa:workspace_one_tunnel:*:*:*:*:*:*:*:*","versionEndExcluding":"26.03","matchCriteriaId":"2A20A5AE-BB42-4361-BB36-B4016C16827F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.omnissa.com/omnissa-security-response/","source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","tags":["Vendor Advisory"]},{"url":"https://www.omnissa.com/omsa-2026-0002","source":"de5a6978-88fe-4c27-a7df-d0d5b52d5b52","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56362","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:16.887","lastModified":"2026-07-10T18:27:38.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-15","versionType":"semver","status":"affected"},{"version":"7.1.2-15","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-40","versionType":"semver","status":"affected"},{"version":"6.9.13-40","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":0.7,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:41:35.114834Z","id":"CVE-2026-56362","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-40","matchCriteriaId":"C6F44A65-1733-4752-AAD0-BCCC7BDBC877"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-15","matchCriteriaId":"6AFFD439-1068-4B6F-AE01-724AC62CDCEA"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-heap-buffer-overflow-read-in-getpixelindex-via-openpixelcache-metadata-desynchronization","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-60092","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:22.370","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AVideo (Meet plugin) through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored (meet_join_log.user_agent) without sanitization (bypassing AVideo's setter-level xss_esc() layer) and later echoed without output encoding (no htmlspecialchars()) in the Participants management panel, which is accessible to the meeting host and site administrators. An anonymous, unauthenticated attacker can join any public meeting while supplying a User-Agent header containing an HTML/JavaScript payload; the payload is persisted and executes in the privileged, authenticated browser session of the meeting host or a site administrator when they open the participant list. The issue was unpatched at the time of the report."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"AVideo","product":"AVideo","defaultStatus":"affected"}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:17:44.201788Z","id":"CVE-2026-60092","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/commit/e8d6119f3cb1b849149906efeb0a41fc024f59f8","source":"disclosure@vulncheck.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-7cqp-7cfv-6c3q","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/avideo-stored-cross-site-scripting-via-unescaped-user-agent-in-participants-panel","source":"disclosure@vulncheck.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-7cqp-7cfv-6c3q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-24697","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T15:16:26.697","lastModified":"2026-07-10T17:54:30.890","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability exists in the start_bonjour() function of the \"rc\" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:47:13.498961Z","id":"CVE-2026-24697","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"0E8376ED-8273-4296-A90F-AA16156B8104"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130:-:*:*:*:*:*:*:*","matchCriteriaId":"D5D233CF-2504-4E69-9AD0-D3B631C8FC11"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130w_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"FF66A7CE-469A-48CD-AE85-2F49E1C505FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*","matchCriteriaId":"C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B1A70E10-227E-44E2-8558-58B37CCF63D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"FF28AEEA-34F1-40F1-ACDC-25FDD56EA282"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*","matchCriteriaId":"20E8ECAC-E842-41DB-9612-9374A9648DC2"}]}]}],"references":[{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/2/wp-en.md","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/2/wp-en.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24698","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T15:16:26.827","lastModified":"2026-07-10T17:51:09.083","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability exists in the save_syslog_to_file() function of the \"httpd\" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The model_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:41:31.584405Z","id":"CVE-2026-24698","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"0E8376ED-8273-4296-A90F-AA16156B8104"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130:-:*:*:*:*:*:*:*","matchCriteriaId":"D5D233CF-2504-4E69-9AD0-D3B631C8FC11"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130w_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"FF66A7CE-469A-48CD-AE85-2F49E1C505FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*","matchCriteriaId":"C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B1A70E10-227E-44E2-8558-58B37CCF63D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"FF28AEEA-34F1-40F1-ACDC-25FDD56EA282"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*","matchCriteriaId":"20E8ECAC-E842-41DB-9612-9374A9648DC2"}]}]}],"references":[{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/3/wp-en.md","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/3/wp-en.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24699","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T15:16:26.943","lastModified":"2026-07-10T17:50:43.990","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability exists in the sub_34984() function of the \"rc\" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:45:19.551170Z","id":"CVE-2026-24699","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"0E8376ED-8273-4296-A90F-AA16156B8104"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130:-:*:*:*:*:*:*:*","matchCriteriaId":"D5D233CF-2504-4E69-9AD0-D3B631C8FC11"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130w_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"FF66A7CE-469A-48CD-AE85-2F49E1C505FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*","matchCriteriaId":"C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B1A70E10-227E-44E2-8558-58B37CCF63D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"FF28AEEA-34F1-40F1-ACDC-25FDD56EA282"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*","matchCriteriaId":"20E8ECAC-E842-41DB-9612-9374A9648DC2"}]}]}],"references":[{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/4/wp-en.md","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/4/wp-en.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-24700","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T15:16:27.047","lastModified":"2026-07-10T17:49:52.123","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability exists in the start_lltd() function of the \"rc\" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:49:06.635827Z","id":"CVE-2026-24700","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"0E8376ED-8273-4296-A90F-AA16156B8104"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130:-:*:*:*:*:*:*:*","matchCriteriaId":"D5D233CF-2504-4E69-9AD0-D3B631C8FC11"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv130w_firmware:1.0.3.55:*:*:*:*:*:*:*","matchCriteriaId":"FF66A7CE-469A-48CD-AE85-2F49E1C505FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*","matchCriteriaId":"C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B1A70E10-227E-44E2-8558-58B37CCF63D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"FF28AEEA-34F1-40F1-ACDC-25FDD56EA282"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*","matchCriteriaId":"20E8ECAC-E842-41DB-9612-9374A9648DC2"}]}]}],"references":[{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/1/wp-en.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/1/wp-en.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-59703","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T15:16:32.173","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file:// scheme URLs that bypass validation and are passed directly to git clone, enabling unauthorized access to all tracked file contents on the server filesystem."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"repomix","product":"repomix","defaultStatus":"affected","packageURL":"pkg:npm/repomix","versions":[{"version":"0","lessThan":"1.14.1","versionType":"custom","status":"affected"},{"version":"0","lessThanOrEqual":"c748b52","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:51:45.464506Z","id":"CVE-2026-59703","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-552"}]}],"references":[{"url":"https://github.com/CrazyForks/repomix/commit/c748b524f41225e7fc6f89ad0084520901a453cf","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix/issues/1704","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/repomix-local-file-inclusion-via-file-url-scheme-in-git-clone-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix/issues/1704","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-3144","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-08T16:16:28.463","lastModified":"2026-07-10T17:01:12.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"API Connect","defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*"],"versions":[{"version":"12.1.0.0","lessThan":"12.1.0.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-3144","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1392"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0.0","versionEndExcluding":"12.1.1.0","matchCriteriaId":"C2FCDDB6-E3A4-4E7A-9B59-5C1DD585D384"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278909","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53951","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:30.623","lastModified":"2026-07-10T19:06:45.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the `trust` setting's prefix match\n(`copier/_settings.py`) compares the template URL against a trusted prefix with a raw `str.startswith` and no path normalization, while the URL is normalized when the template is actually fetched (`Path.resolve()` for local paths; libcurl dot-segment removal for `https`). A template reference that textually starts with a trusted prefix but contains `..` is therefore granted trust yet resolves to a different, attacker-controlled template, whose `tasks` / `migrations` / `jinja_extensions` then run without the `--trust` prompt — arbitrary command execution. Version 9.15.2 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"copier-org","product":"copier","versions":[{"version":">= 9.5.0, < 9.15.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:46:41.622835Z","id":"CVE-2026-53951","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/copier-org/copier/releases/tag/v9.15.2","source":"security-advisories@github.com"},{"url":"https://github.com/copier-org/copier/security/advisories/GHSA-9gmc-jqmh-3rvm","source":"security-advisories@github.com"},{"url":"https://github.com/copier-org/copier/security/advisories/GHSA-9gmc-jqmh-3rvm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55761","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:31.020","lastModified":"2026-07-10T17:48:26.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization endpoints (/api/restore and /api/users/admin/init) remain accessible during the five-minute setup window for uninitialized instances, allowing a network attacker to restore a crafted backup or create the first administrator account and gain full administrative access. This issue is fixed in versions 2.39.4 and 2.43.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"portainer","product":"portainer","versions":[{"version":">= 2.39.0, < 2.39.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:51:27.827566Z","id":"CVE-2026-55761","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:portainer:portainer:*:*:*:*:community:*:*:*","versionStartIncluding":"2.39.0","versionEndExcluding":"2.39.4","matchCriteriaId":"60BA3C37-7C24-47CA-9CBF-B6E3A45583A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:portainer:portainer:*:*:*:*:community:*:*:*","versionStartIncluding":"2.40.0","versionEndExcluding":"2.43.0","matchCriteriaId":"749C4535-79C1-4C3B-99C2-8FC556ED01A6"}]}]}],"references":[{"url":"https://github.com/portainer/portainer/commit/49f19107cf9a3540cbe406c9eb7f24390e1af02b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/portainer/portainer/commit/d2b56efcb4e43c4168bb6688eee9f6bf22867312","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/portainer/portainer/issues/2770","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/portainer/portainer/releases/tag/2.39.4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/portainer/portainer/releases/tag/2.43.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/portainer/portainer/security/advisories/GHSA-x626-fcwx-f5pc","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57439","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:31.280","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts __proto__ as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript into HTML output. This issue is fixed in version 11.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gchq","product":"CyberChef","versions":[{"version":"< 11.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:12:11.872931Z","id":"CVE-2026-57439","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/gchq/CyberChef/commit/85db3be5d0096859b810f0e8d3e151d5dc9b948f","source":"security-advisories@github.com"},{"url":"https://github.com/gchq/CyberChef/issues/2568","source":"security-advisories@github.com"},{"url":"https://github.com/gchq/CyberChef/pull/2569","source":"security-advisories@github.com"},{"url":"https://github.com/gchq/CyberChef/releases/tag/v11.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/gchq/CyberChef/security/advisories/GHSA-fx6f-382r-j72c","source":"security-advisories@github.com"},{"url":"https://github.com/gchq/CyberChef/security/advisories/GHSA-fx6f-382r-j72c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59262","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T16:16:31.430","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails, and timestamps of private pages they lack access to."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"affine","product":"monorepo","defaultStatus":"affected","packageURL":"pkg:npm/affine/monorepo","versions":[{"version":"0","lessThan":"0.26.3","versionType":"custom","status":"affected"},{"version":"0","lessThanOrEqual":"1f0bcd0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:43:26.413343Z","id":"CVE-2026-59262","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/toeverything/AFFiNE","source":"disclosure@vulncheck.com"},{"url":"https://github.com/toeverything/AFFiNE/commit/1f0bcd01a37a522393fc1b288395e3a72a79ccad","source":"disclosure@vulncheck.com"},{"url":"https://github.com/toeverything/AFFiNE/issues/15179","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/affine-unauthorized-document-edit-history-access-via-graphql-histories-field","source":"disclosure@vulncheck.com"},{"url":"https://github.com/toeverything/AFFiNE/issues/15179","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59702","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T16:16:31.577","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers to access private network addresses, GCP metadata services, or local filesystem paths."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"repomix","product":"repomix","defaultStatus":"affected","packageURL":"pkg:npm/repomix","versions":[{"version":"0","lessThan":"1.14.1","versionType":"custom","status":"affected"},{"version":"0","lessThanOrEqual":"c748b52","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:18:46.452885Z","id":"CVE-2026-59702","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/CrazyForks/repomix/commit/c748b524f41225e7fc6f89ad0084520901a453cf","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix/issues/1703","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/repomix-server-side-request-forgery-via-unvalidated-repository-urls-in-post-api-pack","source":"disclosure@vulncheck.com"},{"url":"https://github.com/yamadashy/repomix/issues/1703","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59870","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:33.580","lastModified":"2026-07-10T19:20:49.153","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion, causing O(n^2) CPU consumption when yaml.load() parses a crafted ordered-map document. This issue is fixed in version 5.2.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nodeca","product":"js-yaml","versions":[{"version":">= 5.0.0, < 5.2.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:50:31.265965Z","id":"CVE-2026-59870","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodeca:js-yaml:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.2.1","matchCriteriaId":"364B7995-9A39-4BB4-92C4-B0D7A946F16B"}]}]}],"references":[{"url":"https://github.com/nodeca/js-yaml/commit/39f3211a2f01b3c6982710cf21434ab7060acefe","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nodeca/js-yaml/releases/tag/5.2.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/nodeca/js-yaml/security/advisories/GHSA-724g-mxrg-4qvm","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/nodeca/js-yaml/security/advisories/GHSA-724g-mxrg-4qvm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59871","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:33.723","lastModified":"2026-07-10T19:02:55.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. This issue is fixed in version 7.5.18."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"isaacs","product":"node-tar","versions":[{"version":"< 7.5.18","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:12:47.672306Z","id":"CVE-2026-59871","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-704"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isaacs:tar:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.5.18","matchCriteriaId":"C627D7A4-A113-4F0A-8C9E-76EB0B888958"}]}]}],"references":[{"url":"https://github.com/isaacs/node-tar/commit/e02a4e9e013c4be95302e2eb2047a942b883c27b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/isaacs/node-tar/releases/tag/v7.5.18","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-w8wr-v893-vjvp","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-w8wr-v893-vjvp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59873","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:33.867","lastModified":"2026-07-10T18:57:17.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk space and CPU. This issue is fixed in version 7.5.19."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"isaacs","product":"node-tar","versions":[{"version":"< 7.5.19","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T18:00:24.478882Z","id":"CVE-2026-59873","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isaacs:tar:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.5.19","matchCriteriaId":"DA3EF151-312C-4884-84B8-FFA6F32FBD27"}]}]}],"references":[{"url":"https://github.com/isaacs/node-tar/commit/2812e9338665659b183aa7226518c307044957d3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/isaacs/node-tar/releases/tag/v7.5.19","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-23hp-3jrh-7fpw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-23hp-3jrh-7fpw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59874","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:33.990","lastModified":"2026-07-10T18:54:12.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"isaacs","product":"node-tar","versions":[{"version":"< 7.5.18","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:51:08.126808Z","id":"CVE-2026-59874","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isaacs:tar:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.5.18","matchCriteriaId":"C627D7A4-A113-4F0A-8C9E-76EB0B888958"}]}]}],"references":[{"url":"https://github.com/isaacs/node-tar/commit/9e78bf058b2c22dd4d52e00d8922d5c06fc2f7b5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/isaacs/node-tar/releases/tag/v7.5.18","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-8x88-c5mf-7j5w","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-8x88-c5mf-7j5w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59875","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:34.107","lastModified":"2026-07-10T19:10:59.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is fixed in version 7.5.17."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"isaacs","product":"node-tar","versions":[{"version":"< 7.5.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:43:50.698715Z","id":"CVE-2026-59875","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/isaacs/node-tar/commit/7a635c29f5edbf083557374d43984273ecfed5b3","source":"security-advisories@github.com"},{"url":"https://github.com/isaacs/node-tar/releases/tag/v7.5.17","source":"security-advisories@github.com"},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-gvwx-54wh-qm9j","source":"security-advisories@github.com"},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-gvwx-54wh-qm9j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59877","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:34.363","lastModified":"2026-07-10T18:53:14.377","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends prematurely can cause parse, Root.load, or Root.loadSync to loop indefinitely. This issue is fixed in versions 7.6.5 and 8.6.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"protobufjs","product":"protobuf.js","versions":[{"version":">= 7.5.0, < 7.6.5","status":"affected"},{"version":">= 8.0.0, < 8.6.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:48:58.903197Z","id":"CVE-2026-59877","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.6.5","matchCriteriaId":"CE56DEAB-0C12-4D27-B6A9-9594122EB93F"},{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.6.6","matchCriteriaId":"0859CC9A-187E-4D68-9D7B-B5F1E4AC3A9F"}]}]}],"references":[{"url":"https://github.com/protobufjs/protobuf.js/commit/10fba6d54815ceecca8a06b9a6db490c8f5d2217","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/protobufjs/protobuf.js/commit/fa5c73add738ceb471e74da8cc2f3727c3d0a69f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/protobufjs/protobuf.js/pull/2352","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.6.5","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.6.6","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-j3f2-48v5-ccww","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59880","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T16:16:34.517","lastModified":"2026-07-10T18:49:51.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such as through Immutable.Map(obj), Immutable.fromJS(obj), state.merge(userObject), or mergeDeep, to craft many colliding keys and degrade insertion and lookup to consume disproportionate CPU. This issue is fixed in versions 4.3.9 and 5.1.8."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"immutable-js","product":"immutable-js","versions":[{"version":"< 4.3.9","status":"affected"},{"version":">= 5.0.0-beta.1, < 5.1.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:13:29.483011Z","id":"CVE-2026-59880","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:immutable-js:immutable:*:*:*:*:*:node.js:*:*","versionEndExcluding":"4.3.9","matchCriteriaId":"00ECE08B-71E4-413F-A0DF-A832BC22BEC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:immutable-js:immutable:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.1.8","matchCriteriaId":"180BFC9A-F7CD-4B20-BD0D-325018D87A22"}]}]}],"references":[{"url":"https://github.com/immutable-js/immutable-js/commit/3dd7e5655012597a41873e328bf9142a8901527b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/immutable-js/immutable-js/commit/e51d49fc612ded5ec4dfb94ff294d22074269b0f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/immutable-js/immutable-js/releases/tag/v4.3.9","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/immutable-js/immutable-js/releases/tag/v5.1.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/immutable-js/immutable-js/security/advisories/GHSA-xvcm-6775-5m9r","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/immutable-js/immutable-js/security/advisories/GHSA-xvcm-6775-5m9r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9074","sourceIdentifier":"psirt@us.ibm.com","published":"2026-07-08T16:16:35.050","lastModified":"2026-07-10T16:59:16.577","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"API Connect","defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:10.0.8.9:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:*"],"versions":[{"version":"10.0.8.0","lessThan":"10.0.8.9","versionType":"semver","status":"affected"},{"version":"12.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-9074","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.8.0","versionEndExcluding":"10.0.8.10","matchCriteriaId":"5F7752F5-8A00-4C79-9B5B-B674AD2F1E25"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0.0","versionEndExcluding":"12.1.1.0","matchCriteriaId":"C2FCDDB6-E3A4-4E7A-9B59-5C1DD585D384"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278218","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/7278909","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-3110","sourceIdentifier":"security@openvpn.net","published":"2026-07-08T17:17:19.650","lastModified":"2026-07-10T17:00:29.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy"}],"affected":[{"source":"security@openvpn.net","affectedData":[{"vendor":"OpenVPN","product":"Access Server","defaultStatus":"unaffected","versions":[{"version":"2.7.2","lessThanOrEqual":"3.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@openvpn.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:29:40.241425Z","id":"CVE-2025-3110","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@openvpn.net","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.2","versionEndIncluding":"3.1.0","matchCriteriaId":"1E78FCC3-BC92-47D0-83BB-309B2F778217"}]}]}],"references":[{"url":"https://openvpn.net/as-docs/as-3-2-release-notes.html","source":"security@openvpn.net","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-59879","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:26.370","lastModified":"2026-07-10T18:48:54.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 ** 30 to 2 ** 31 in setListBounds in src/List.js, causing an empty List to enter an uncatchable infinite loop, a populated List to allocate without bound until process abort, or setSize to silently wrap large values. This issue is fixed in versions 4.3.9 and 5.1.8."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"immutable-js","product":"immutable-js","versions":[{"version":">= 5.0.0-beta.1, < 5.1.8","status":"affected"},{"version":"< 4.3.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:51:48.441737Z","id":"CVE-2026-59879","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-835"},{"lang":"en","value":"CWE-1284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:immutable-js:immutable:*:*:*:*:*:node.js:*:*","versionEndExcluding":"4.3.9","matchCriteriaId":"00ECE08B-71E4-413F-A0DF-A832BC22BEC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:immutable-js:immutable:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.1.8","matchCriteriaId":"180BFC9A-F7CD-4B20-BD0D-325018D87A22"}]}]}],"references":[{"url":"https://github.com/immutable-js/immutable-js/commit/a1a1ee412dcaa380ab325196283d06594ffe4b84","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/immutable-js/immutable-js/commit/f0bc997d8eb9886aff2236635aa210a95a04304a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/immutable-js/immutable-js/releases/tag/v4.3.9","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/immutable-js/immutable-js/releases/tag/v5.1.8","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/immutable-js/immutable-js/security/advisories/GHSA-v56q-mh7h-f735","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/immutable-js/immutable-js/security/advisories/GHSA-v56q-mh7h-f735","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59882","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:26.597","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost() to disagree with the URI authority used for security or routing decisions. This issue is fixed in version 2.12.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"guzzle","product":"psr7","versions":[{"version":"< 2.12.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:50:26.023312Z","id":"CVE-2026-59882","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-436"}]}],"references":[{"url":"https://github.com/guzzle/psr7/commit/ddd64f17d4cc1f7e5ffe6fd2c989ec7221712580","source":"security-advisories@github.com"},{"url":"https://github.com/guzzle/psr7/pull/811","source":"security-advisories@github.com"},{"url":"https://github.com/guzzle/psr7/releases/tag/2.12.3","source":"security-advisories@github.com"},{"url":"https://github.com/guzzle/psr7/security/advisories/GHSA-c2w2-prh8-qm98","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59887","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:26.883","lastModified":"2026-07-10T19:13:03.283","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test() and .match() can be invoked at every mailto: occurrence and scan the remaining input through src_email_name in lib/re.mjs, causing O(n^2) CPU consumption on crafted user text. This issue is fixed in version 5.0.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"markdown-it","product":"linkify-it","versions":[{"version":"< 5.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:40:56.927532Z","id":"CVE-2026-59887","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"references":[{"url":"https://github.com/markdown-it/linkify-it/commit/105e5d77f7d119871d2b2d86ed208568eb3e7ffe","source":"security-advisories@github.com"},{"url":"https://github.com/markdown-it/linkify-it/releases/tag/5.0.2","source":"security-advisories@github.com"},{"url":"https://github.com/markdown-it/linkify-it/security/advisories/GHSA-v245-v573-v5vm","source":"security-advisories@github.com"},{"url":"https://github.com/markdown-it/linkify-it/security/advisories/GHSA-v245-v573-v5vm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59892","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:27.190","lastModified":"2026-07-10T18:56:03.583","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx-* HTTP header values with decodeURIComponent() without handling decode errors, allowing an unauthenticated remote attacker to send a malformed percent-encoded value that throws an uncaught URIError and terminates a Node.js process using JaegerPropagator as the active propagator. This issue is fixed in version 2.9.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-telemetry","product":"opentelemetry-js","versions":[{"version":"< 2.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T19:40:34.423590Z","id":"CVE-2026-59892","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-js/commit/b1c196d49d54caae59741cca0a9d57d101d7ea88","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-js/releases/tag/v2.9.0","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-45rx-2jwx-cxfr","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-45rx-2jwx-cxfr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59895","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:27.353","lastModified":"2026-07-10T19:53:22.957","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx() in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class attribute during server-side rendering to break out of the attribute and inject arbitrary markup. This issue is fixed in version 4.12.27."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"honojs","product":"hono","versions":[{"version":">= 4.0.0, < 4.12.27","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:50:18.277447Z","id":"CVE-2026-59895","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.12.27","matchCriteriaId":"08C4DBB0-9F35-4FF1-8BAF-CACAABAD6057"}]}]}],"references":[{"url":"https://github.com/honojs/hono/commit/cd3f6f7194f0e5c9d4b26ae0cf232018d0f388fc","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/honojs/hono/releases/tag/v4.12.27","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/honojs/hono/security/advisories/GHSA-w62v-xxxg-mg59","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59896","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:27.493","lastModified":"2026-07-10T19:50:53.477","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight request to be used after an await in an async component. This issue is fixed in version 4.12.27."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"honojs","product":"hono","versions":[{"version":">= 4.11.8, < 4.12.27","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:49:50.977740Z","id":"CVE-2026-59896","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.11.8","versionEndExcluding":"4.12.27","matchCriteriaId":"9B42B113-3A7D-419F-BBEF-8EC6D7FDAC41"}]}]}],"references":[{"url":"https://github.com/honojs/hono/commit/fab3b13639339cbd5ba1166a5b23d9ac30c5f64f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/honojs/hono/releases/tag/v4.12.27","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/honojs/hono/security/advisories/GHSA-hvrm-45r6-mjfj","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59897","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T17:17:27.637","lastModified":"2026-07-10T19:50:16.717","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware or application logic that depends on the complete X-Forwarded-For chain, rate limiting, audit logging, or proxy-chain validation can receive incomplete data. This issue is fixed in version 4.12.27."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"honojs","product":"hono","versions":[{"version":">= 4.3.3, < 4.12.27","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:51:23.283182Z","id":"CVE-2026-59897","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-348"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.3.3","versionEndExcluding":"4.12.27","matchCriteriaId":"3B34D77B-60D8-4235-8A45-055C0B65B608"}]}]}],"references":[{"url":"https://github.com/honojs/hono/commit/aa921770d09bc35970362d5a2630a878f6d982fd","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/honojs/hono/releases/tag/v4.12.27","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/honojs/hono/security/advisories/GHSA-xgm2-5f3f-mvvc","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-15154","sourceIdentifier":"secalert@redhat.com","published":"2026-07-08T20:16:48.430","lastModified":"2026-07-10T15:24:29.933","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-built-in-detector-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T20:38:40.332330Z","id":"CVE-2026-15154","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_ai:-:*:*:*:*:*:*:*","matchCriteriaId":"EBF0A70A-E606-48C8-82C2-4D8760146265"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15154","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498188","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-36027","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T20:16:48.817","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge components"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T20:23:38.812888Z","id":"CVE-2026-36027","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1313"}]}],"references":[{"url":"https://code.com","source":"cve@mitre.org"},{"url":"https://code27.com","source":"cve@mitre.org"},{"url":"https://github.com/redr0nin/Code-27-Companion-Hub-Exploits","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-44332","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:49.773","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username enumeration through response timing differences. This issue is fixed in version 3.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gofiber","product":"fiber","versions":[{"version":"< 3.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:33:24.172923Z","id":"CVE-2026-44332","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"references":[{"url":"https://github.com/gofiber/fiber/commit/c7ac00edd19f9669b1aebbec6e229658baaa059e","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/pull/4245","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/releases/tag/v3.3.0","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/security/advisories/GHSA-g5vh-55hw-rxm8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45045","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:50.060","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream servers for logging, rate limiting, and access control. This issue is fixed in version 3.3.0 and 2.52.14."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gofiber","product":"fiber","versions":[{"version":">= 3.0.0-beta.2, < 3.3.0","status":"affected"},{"version":"< 2.52.14","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:19:42.395861Z","id":"CVE-2026-45045","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://github.com/gofiber/fiber/commit/1403cc8292da3220e9316960b4030cc722a0f396","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/commit/33c9501288ab47a429c8b5e701493f0c3c0af37d","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/pull/4260","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/pull/4495","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/releases/tag/v2.52.14","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/releases/tag/v3.3.0","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/security/advisories/GHSA-gcfq-8gqf-4876","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53624","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:52.293","lastModified":"2026-07-10T19:01:16.053","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol() for https instead of c.Scheme(). This issue is fixed in version 3.4.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gofiber","product":"fiber","versions":[{"version":"< 3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:57:02.119046Z","id":"CVE-2026-53624","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"references":[{"url":"https://github.com/gofiber/fiber/commit/04dd4e7754f61768fddccacc79057e416f13e6bf","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/pull/4389","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/releases/tag/v3.4.0","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/security/advisories/GHSA-gv83-gqw6-9j2c","source":"security-advisories@github.com"},{"url":"https://github.com/gofiber/fiber/security/advisories/GHSA-gv83-gqw6-9j2c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55575","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:53.137","lastModified":"2026-07-10T19:06:45.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via [...toArray(v)] without calling this.context.memoryLimit.use(...), allowing a template render such as {{ huge_array | pop }} to allocate an O(N) clone of an attacker-influenced array outside the configured memoryLimit budget. This issue is fixed in version 10.27.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"harttle","product":"liquidjs","versions":[{"version":"< 10.27.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:59:36.356874Z","id":"CVE-2026-55575","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/harttle/liquidjs/commit/8a0c74a7fcb1671aa1dcb71ec82ba0602dc90d04","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/pull/907","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/releases/tag/v10.27.1","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-g357-x5c3-c72p","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-g357-x5c3-c72p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55760","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:53.287","lastModified":"2026-07-10T19:13:03.283","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template names derived from URL path parameters, request parameters, or other user-controlled sources. This issue is fixed in version 4.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jknack","product":"handlebars.java","versions":[{"version":"< 4.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:37:35.585442Z","id":"CVE-2026-55760","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/jknack/handlebars.java/commit/d177cdee8b750385ca7a0d0f89f2d4be73e28f4e","source":"security-advisories@github.com"},{"url":"https://github.com/jknack/handlebars.java/releases/tag/v4.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/jknack/handlebars.java/security/advisories/GHSA-r4gv-qr8j-p3pg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-58501","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:55.323","lastModified":"2026-07-10T18:15:45.353","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fixed in version 4.3.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mvantellingen","product":"python-zeep","versions":[{"version":">= 4.0.0, < 4.3.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:20:37.552267Z","id":"CVE-2026-58501","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python-zeep:zeep:*:*:*:*:*:python:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.3.3","matchCriteriaId":"9D85C9AB-4BF5-4609-AB7D-39CBC4194889"}]}]}],"references":[{"url":"https://github.com/mvantellingen/python-zeep/commit/83eb07bc6c84d841329d4f88856fecdba86f753e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/mvantellingen/python-zeep/releases/tag/4.3.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/mvantellingen/python-zeep/security/advisories/GHSA-4cc2-g9w2-fhf6","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59803","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:55.913","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode (protocol/message.go). When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in size guard, protocol.MaxMessageLength, is checked against the compressed on-the-wire frame length, not the decompressed size, so it provides no protection. Because decoding (and decompression) occurs in readRequest before authentication, a single unauthenticated connection can send a small (under 2 MB) gzip-compressed message that expands to gigabytes of heap allocation, leading to out-of-memory conditions and service unavailability."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"smallnest","product":"rpcx","defaultStatus":"unaffected","repo":"https://github.com/smallnest/rpcx","packageURL":"pkg:golang/github.com/smallnest/rpcx","versions":[{"version":"0","lessThanOrEqual":"1.9.3","versionType":"semver","status":"affected"},{"version":"047aec18efa7d037105e2b72c36dd2ae05e1acc6","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:29:48.308645Z","id":"CVE-2026-59803","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"references":[{"url":"https://github.com/smallnest/rpcx/commit/047aec18efa7d037105e2b72c36dd2ae05e1acc6","source":"disclosure@vulncheck.com"},{"url":"https://github.com/smallnest/rpcx/issues/942","source":"disclosure@vulncheck.com"},{"url":"https://github.com/smallnest/rpcx/pull/943","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/rpcx-denial-of-service-via-gzip-decompression-bomb-in-wire-protocol","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59804","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:56.077","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, which performs no Origin header validation and requires no authentication token. Attackers can connect from any web page visited by the victim to seize the single-client slot, intercept and inject automation commands, exfiltrate command-payload data, or unconditionally terminate the server by supplying the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"web-infra-dev","product":"midscene","defaultStatus":"unaffected","repo":"https://github.com/web-infra-dev/midscene","packageURL":"pkg:npm/midscene","versions":[{"version":"0","lessThanOrEqual":"1.10.3","versionType":"semver","status":"affected"},{"version":"86f4118d1d847041c63d79e347e08c87c3f1a882","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:02:32.806757Z","id":"CVE-2026-59804","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-1385"}]}],"references":[{"url":"https://github.com/web-infra-dev/midscene/commit/86f4118d1d847041c63d79e347e08c87c3f1a882","source":"disclosure@vulncheck.com"},{"url":"https://github.com/web-infra-dev/midscene/issues/2752","source":"disclosure@vulncheck.com"},{"url":"https://github.com/web-infra-dev/midscene/pull/2759","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/midscene-bridge-server-session-hijack-via-unauthenticated-websocket","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59805","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:56.250","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revoke_access and undo_revoke_access actions without seller ownership validation. Attackers can modify the is_access_revoked status on arbitrary purchases to unauthorized revoke or restore buyer access to products they do not own."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"antiwork","product":"gumroad","defaultStatus":"unaffected","repo":"https://github.com/antiwork/gumroad","packageURL":"pkg:npm/gumroad","versions":[{"version":"0","lessThan":"2026.07.06.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:37:43.271098Z","id":"CVE-2026-59805","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/antiwork/gumroad/commit/e7fd0e610e73135ecf1aa07c197a36fa524832e1","source":"disclosure@vulncheck.com"},{"url":"https://github.com/antiwork/gumroad/issues/5725","source":"disclosure@vulncheck.com"},{"url":"https://github.com/antiwork/gumroad/pull/5731","source":"disclosure@vulncheck.com"},{"url":"https://github.com/antiwork/gumroad/releases/tag/v2026.07.06.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/gumroad-insecure-direct-object-reference-in-purchasescontroller","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59806","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:56.973","lastModified":"2026-07-10T18:48:55.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"gradio-app","product":"gradio","defaultStatus":"unaffected","repo":"https://github.com/gradio-app/gradio","packageURL":"pkg:npm/gradio-ui","versions":[{"version":"0","lessThan":"6.20.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T18:18:10.196884Z","id":"CVE-2026-59806","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/gradio-app/gradio/commit/1c5c53842df9c2750552d85c19a92e7e732cff3f","source":"disclosure@vulncheck.com"},{"url":"https://github.com/gradio-app/gradio/issues/13593","source":"disclosure@vulncheck.com"},{"url":"https://github.com/gradio-app/gradio/pull/13596","source":"disclosure@vulncheck.com"},{"url":"https://github.com/gradio-app/gradio/releases/tag/gradio%406.20.0","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/gradio-open-redirect-and-ssrf-via-gradio-api-file-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59807","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T20:16:57.123","lastModified":"2026-07-10T18:22:49.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt injection to manipulate file_uploadable parameters to reference sensitive paths such as SSH private keys, causing the CLI to upload credential files to attacker-controlled storage."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ComposioHQ","product":"composio","defaultStatus":"unaffected","repo":"https://github.com/ComposioHQ/composio","packageURL":"pkg:npm/composio","versions":[{"version":"0","lessThan":"0.2.32-beta.283","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:28:21.622630Z","id":"CVE-2026-59807","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/ComposioHQ/composio/commit/fc17c37bf95b7ece5c038cb7e2ab7e3e4a064e3a","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ComposioHQ/composio/issues/3746","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ComposioHQ/composio/pull/3763","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ComposioHQ/composio/releases/tag/%40composio%2Fcli%400.2.32-beta.283","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/composio-sdk-beta-283-sensitive-file-upload-via-tool-file-uploads-ts","source":"disclosure@vulncheck.com"},{"url":"https://github.com/ComposioHQ/composio/issues/3746","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59946","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:59.707","lastModified":"2026-07-10T19:14:18.563","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and world-executable mode during composer install, update, or require. This issue is fixed in versions 2.2.29 and 2.10.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"composer","product":"composer","versions":[{"version":">= 1.0, < 2.2.29","status":"affected"},{"version":">= 2.3.0, < 2.10.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:21:07.902689Z","id":"CVE-2026-59946","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://github.com/composer/composer/commit/502c6c4f699802d9cf464728b3e8a95674f919a0","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/commit/c50b1efd13ebd73f6dca19b31424c5a02bf93cc1","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/releases/tag/2.10.2","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/releases/tag/2.2.29","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/security/advisories/GHSA-gjfg-22fp-rrxx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59947","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:59.843","lastModified":"2026-07-10T19:10:59.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug output because AuthHelper, Url::sanitize, and ProcessExecutor did not sanitize username-only URL credentials. This issue is fixed in versions 2.2.29 and 2.10.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"composer","product":"composer","versions":[{"version":">= 1.0, < 2.2.29","status":"affected"},{"version":">= 2.3.0, < 2.10.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:01:31.826906Z","id":"CVE-2026-59947","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://github.com/composer/composer/commit/6bd66874ae523ecb69aca5964487a0cdfda03ef8","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/commit/8887ad76fbd830cb1861a2b1fd8ead78ed1fa1ec","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/releases/tag/2.10.2","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/releases/tag/2.2.29","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/security/advisories/GHSA-g6xq-892h-64w3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59948","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:59.980","lastModified":"2026-07-10T19:14:18.563","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project during install or update by using an invalid package name that is not correctly validated before dependency-resolution results are written or installed. This issue is fixed in versions 2.2.29 and 2.10.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"composer","product":"composer","versions":[{"version":">= 1.0, < 2.2.29","status":"affected"},{"version":">= 2.3.0, < 2.10.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:32:00.579490Z","id":"CVE-2026-59948","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/composer/composer/commit/502c6c4f699802d9cf464728b3e8a95674f919a0","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/commit/c50b1efd13ebd73f6dca19b31424c5a02bf93cc1","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/releases/tag/2.10.2","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/releases/tag/2.2.29","source":"security-advisories@github.com"},{"url":"https://github.com/composer/composer/security/advisories/GHSA-499r-g7pc-vmp9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-8649","sourceIdentifier":"security@progress.com","published":"2026-07-08T20:17:00.557","lastModified":"2026-07-10T19:34:37.120","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules).\n\nThis issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3."}],"affected":[{"source":"security@progress.com","affectedData":[{"vendor":"Progress","product":"MOVEit Transfer","defaultStatus":"unaffected","modules":["Custom Reports"],"versions":[{"version":"2025.1.0","lessThan":"2025.1.3","versionType":"semver","status":"affected"},{"version":"0","lessThan":"2025.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:28:38.467051Z","id":"CVE-2026-8649","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.0.7","matchCriteriaId":"E1F696CA-EE0E-4665-8D8B-BE9F2214E50E"},{"vulnerable":true,"criteria":"cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.0","versionEndExcluding":"2025.1.3","matchCriteriaId":"B84E088D-58A8-436D-86CF-DAFA6EC4023C"}]}]}],"references":[{"url":"https://docs.progress.com/bundle/moveit-transfer-release-notes-2026/page/Fixed-Issues-in-2026.html","source":"security@progress.com","tags":["Vendor Advisory","Release Notes"]}]}},{"cve":{"id":"CVE-2026-0288","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-07-08T21:16:45.590","lastModified":"2026-07-10T15:45:17.463","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.\n\nThe security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .\n\nPanorama is not impacted by this vulnerability."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cloud NGFW","defaultStatus":"affected","platforms":["AWS","Azure"],"versions":[{"version":"All","versionType":"custom","status":"unaffected"}]},{"vendor":"Palo Alto Networks","product":"PAN-OS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h28:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h33:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h33:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h37:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h36:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h35:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h34:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*","cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"12.1.0","lessThan":"12.1.8","versionType":"custom","status":"affected","changes":[{"at":"12.1.8","status":"unaffected"},{"at":"12.1.7-h2","status":"unaffected"},{"at":"12.1.4-h8","status":"unaffected"}]},{"version":"11.2.0","lessThan":"11.2.13","versionType":"custom","status":"affected","changes":[{"at":"11.2.13","status":"unaffected"},{"at":"11.2.10-h12","status":"unaffected"},{"at":"11.2.7-h18","status":"unaffected"},{"at":"11.2.4-h20","status":"unaffected"}]},{"version":"11.1.0","lessThan":"11.1.16","versionType":"custom","status":"affected","changes":[{"at":"11.1.16","status":"unaffected"},{"at":"11.1.13-h9","status":"unaffected"},{"at":"11.1.10-h30","status":"unaffected"},{"at":"11.1.7-h8","status":"unaffected"},{"at":"11.1.6-h35","status":"unaffected"},{"at":"11.1.4-h35","status":"unaffected"}]},{"version":"10.2.0","lessThan":"10.2.7-h36","versionType":"custom","status":"affected","changes":[{"at":"10.2.18-h8","status":"unaffected"},{"at":"10.2.16-h9","status":"unaffected"},{"at":"10.2.13-h23","status":"unaffected"},{"at":"10.2.10-h39","status":"unaffected"},{"at":"10.2.7-h36","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access","defaultStatus":"unaffected","versions":[{"version":"11.2.0","lessThan":"11.2.7-h18","versionType":"custom","status":"affected","changes":[{"at":"11.2.7-h18","status":"unaffected"}]},{"version":"10.2.0","lessThan":"10.2.10-h39","versionType":"custom","status":"affected","changes":[{"at":"10.2.10-h39","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T03:55:51.922548Z","id":"CVE-2026-0288","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.7","matchCriteriaId":"243077CD-5021-4DF3-8AC7-5B14F7FD9710"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.8","versionEndExcluding":"10.2.10","matchCriteriaId":"F5A3E6A6-EE04-409C-AE6F-FC1ACE4C4666"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.11","versionEndExcluding":"10.2.13","matchCriteriaId":"CD4B8D09-F2B3-4C9A-A583-46DE85D9D43E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.14","versionEndExcluding":"10.2.16","matchCriteriaId":"4386D092-83D6-4914-8C26-3A1EE056FEC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*","matchCriteriaId":"A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"EFB63AFC-C3EC-4D1A-BC4A-810662AD16BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"E67DEF1D-8674-41E8-AA07-0499DCCFD67A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"AA4994CB-6591-4B44-A5D7-3CDF540B97DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"71EB32DA-D82F-49DD-B06F-7F10F08F740E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*","matchCriteriaId":"BF05E61D-0EC2-4755-8FCF-12E102A4D8FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*","matchCriteriaId":"22ED8EDB-5549-4D29-90D2-FFE33D030912"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*","matchCriteriaId":"A6AB7874-FE24-42AC-8E3A-822A70722126"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h17:*:*:*:*:*:*","matchCriteriaId":"61B69220-4155-4462-A133-CE7A54747B83"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*","matchCriteriaId":"34B083B9-CC1B-43CD-9A16-C018F7FA2DDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*","matchCriteriaId":"0D88CC33-7E32-4E82-8A94-70759E910510"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"FA109AEA-0015-4EAA-BD86-F070FEEA2DF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h20:*:*:*:*:*:*","matchCriteriaId":"F90EF82F-1CC6-44B4-AFF9-02DF4EE84F81"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*","matchCriteriaId":"FA91A4E9-CE1E-4CB8-B717-4B0E314C0171"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h22:*:*:*:*:*:*","matchCriteriaId":"6B4D43CC-1B4E-4380-B4A2-487870EFC5B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h23:*:*:*:*:*:*","matchCriteriaId":"DF7382E1-0678-40BC-8964-9D00F6C4C6F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*","matchCriteriaId":"28994519-3519-4E94-8D8B-7C4251A82B8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"776E06EC-2FDA-4664-AB43-9F6BE9B897CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:*","matchCriteriaId":"53981EA8-847F-4FBC-BA55-8EDF591E0FF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h34:*:*:*:*:*:*","matchCriteriaId":"8585BA8F-2AA0-4413-81A1-927FE523598C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h35:*:*:*:*:*:*","matchCriteriaId":"B12B5B2A-0F57-4D81-B6CE-050D1F183B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"20A2E1F0-8303-483F-9199-9FE257B8A228"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*","matchCriteriaId":"3AF4AB7F-F9B0-4DC4-BFC5-8FC60CE65A9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*","matchCriteriaId":"CBE09375-A863-42FF-813F-C20679D7C45C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"0247BDD2-714F-4FFD-9433-FEC7747B30D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"1311961A-0EF6-488E-B0C2-EDBD508587C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*","matchCriteriaId":"C779DF2B-D72A-4327-8AD8-3EA6751741F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*","matchCriteriaId":"03C5ABF2-8C53-4376-8A64-6CB34E18E77C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"64F22CCE-6EAF-403B-B522-C11085410C65"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*","matchCriteriaId":"FF7FCD8B-80DF-4004-A9D2-4EE884F089A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h11:*:*:*:*:*:*","matchCriteriaId":"15F5A583-A213-475E-8305-B8087DADCABF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*","matchCriteriaId":"83C9637A-B615-4CC2-84AA-BDCFE611484C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h13:*:*:*:*:*:*","matchCriteriaId":"7EB3881C-B255-41AD-B61F-C14743824A3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*","matchCriteriaId":"224270A7-767D-433B-AD51-C031506747C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*","matchCriteriaId":"A532EFC6-A883-4279-8C05-9CD600B3F963"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*","matchCriteriaId":"F4F20C02-DF90-4609-9254-B765481C83E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"872BC747-512A-4872-AC86-E7F1DC589F47"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*","matchCriteriaId":"E5E36C87-E01D-49DC-AB73-10E5EE27F596"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*","matchCriteriaId":"39437442-B24D-492F-B637-2203492327FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"67F527D0-F85B-4B83-AEA5-BA636FC89210"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*","matchCriteriaId":"984BE1FB-ADB7-4831-AEDD-39DBAED078B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*","matchCriteriaId":"AF2C954D-9763-41E3-A132-F83C82E79BC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h36:*:*:*:*:*:*","matchCriteriaId":"A963ECCF-0B20-4395-A8B0-BFFCD62598C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h37:*:*:*:*:*:*","matchCriteriaId":"F9242B47-DB67-4156-8165-A2198289EAAF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"6CF8F985-7E51-49E6-857A-FAAF027F5611"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"B437DCEA-ABA3-41CA-B320-97EC430F1122"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"223673C1-9327-4C12-BF02-7447D2CAD16C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"593AFE7A-CB37-4156-A2B8-646A317F3176"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*","matchCriteriaId":"C2B871A6-0636-42A0-9573-6F693D7753AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*","matchCriteriaId":"F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:*","matchCriteriaId":"F3F8462A-71C0-4F81-9882-C73BC90697CA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h15:*:*:*:*:*:*","matchCriteriaId":"85653992-4FBF-445C-881B-5F2494B597BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:*","matchCriteriaId":"C1B72E68-2D01-483F-BEC5-59C49E96B976"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:*","matchCriteriaId":"E49419C4-9AFE-4B7F-90EF-DB50EBB608D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*","matchCriteriaId":"60CE628F-C4CB-4342-8D71-DE61A089B612"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h21:*:*:*:*:*:*","matchCriteriaId":"7050FB97-DAA8-4A15-A253-23AADE921960"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h22:*:*:*:*:*:*","matchCriteriaId":"5EA595B2-C46B-4953-A306-2DB89E315286"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*","matchCriteriaId":"2447D2B1-A145-4036-B9F2-17648B193465"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*","matchCriteriaId":"C24353AF-DC81-49B9-9132-9EEC8E6009BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:*","matchCriteriaId":"B4420489-AE0F-4A48-B2CE-C165BEBFA6A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:*","matchCriteriaId":"C45D8DF1-9483-4B24-AB94-B1FF4A5F2606"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:-:*:*:*:*:*:*","matchCriteriaId":"BC38A9CD-CDB6-423A-BE8D-2E0E45A3B239"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h1:*:*:*:*:*:*","matchCriteriaId":"41B48ECA-FD05-4EA2-B1C9-771624EAAFF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h4:*:*:*:*:*:*","matchCriteriaId":"4D65D1F0-323E-41AF-962E-1F9741748A76"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h6:*:*:*:*:*:*","matchCriteriaId":"D5D41E00-D517-4B81-A7FC-C8E101884807"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h7:*:*:*:*:*:*","matchCriteriaId":"4607BEE9-193E-43A7-944C-031E956DAB85"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.16:h8:*:*:*:*:*:*","matchCriteriaId":"8DD4A357-D281-49E0-A85E-034947561F67"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.17:*:*:*:*:*:*:*","matchCriteriaId":"8A30968E-901A-49AE-94B0-C44A5257AADB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h1:*:*:*:*:*:*","matchCriteriaId":"745A3A2A-73CF-4DC2-968B-ACFC66389E11"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h5:*:*:*:*:*:*","matchCriteriaId":"3A1E533E-DE4A-4F2F-A71A-FFF56E757087"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h6:*:*:*:*:*:*","matchCriteriaId":"BED53F8F-F46B-4522-91C1-A9CABD6B0A76"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:10.2.18:h7:*:*:*:*:*:*","matchCriteriaId":"CA746F4C-616D-43CC-AF74-C9895149557C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.0","versionEndExcluding":"11.1.4","matchCriteriaId":"459485B4-47FF-4A5F-9249-AE0445A0096A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.8","versionEndExcluding":"11.1.10","matchCriteriaId":"45D0EA32-45AE-4411-8E14-43B74715387C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.11","versionEndExcluding":"11.1.13","matchCriteriaId":"D9CE1AA7-46F4-4740-BF21-EE6732134D57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.1.14","versionEndExcluding":"11.1.16","matchCriteriaId":"7CE88EF0-36D2-44ED-AD30-7870BBAAC77F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*","matchCriteriaId":"DF83EAA1-49E1-4AD0-A049-F1B3065950BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*","matchCriteriaId":"BE3F7369-9F35-409A-9F47-45A959592DFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h10:*:*:*:*:*:*","matchCriteriaId":"6650937C-D778-4B5D-AA28-E7DA96DDAB7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h11:*:*:*:*:*:*","matchCriteriaId":"DB835E23-6984-413D-A870-8734E626D219"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h12:*:*:*:*:*:*","matchCriteriaId":"FD247097-EEC7-48E7-9C14-3314900BD5F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h13:*:*:*:*:*:*","matchCriteriaId":"FD701663-4C57-4115-BD59-9DFFB504E2AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h15:*:*:*:*:*:*","matchCriteriaId":"82816C09-6A9D-4AB2-AA55-62CC714CCA82"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h17:*:*:*:*:*:*","matchCriteriaId":"A5A3CEBF-9F8A-47F9-A302-7C395F2A8146"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h18:*:*:*:*:*:*","matchCriteriaId":"A79B51D2-74E8-4BA3-AE33-829A9C1776E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"83A04AA3-4B6C-4B75-9797-74FA230FD299"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h25:*:*:*:*:*:*","matchCriteriaId":"E08297B1-95E9-4730-B59D-252B958C4199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h27:*:*:*:*:*:*","matchCriteriaId":"B56B153E-8693-4257-9E33-38904A949ED8"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"AECB34F6-76F3-46E4-8F08-8570247AC281"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h32:*:*:*:*:*:*","matchCriteriaId":"A220ED95-5E1A-45AA-85BD-8A58CFC6C697"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h33:*:*:*:*:*:*","matchCriteriaId":"70C9CB1D-2512-48E7-B8B2-6F6A4A23E0A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h34:*:*:*:*:*:*","matchCriteriaId":"003AE721-D537-442E-8F34-291877B792F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*","matchCriteriaId":"E9DB4DA9-2262-4E9E-B3A1-49D261D01295"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"552C1E17-E4A7-462C-97E4-AF14C00B89FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h6:*:*:*:*:*:*","matchCriteriaId":"1EB942A4-026C-494D-A1DD-96259354CB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*","matchCriteriaId":"4852E738-990C-4DD2-8252-D4625D843A99"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h8:*:*:*:*:*:*","matchCriteriaId":"010E5816-BB0D-438B-A280-AF35B435DCFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h9:*:*:*:*:*:*","matchCriteriaId":"CB2C59F8-2583-4510-90F8-500F8329AFFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.5:*:*:*:*:*:*:*","matchCriteriaId":"7C31ACD7-46AB-4092-89F3-7B4C9B642199"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*","matchCriteriaId":"52C50A07-F4D8-4F1F-BA61-3429BB1721BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h1:*:*:*:*:*:*","matchCriteriaId":"9D12FF27-C186-467C-8627-1284EBC67243"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h10:*:*:*:*:*:*","matchCriteriaId":"AF4AA997-35BC-4BC1-9EF2-644503B2D806"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h14:*:*:*:*:*:*","matchCriteriaId":"12EF4DDF-9773-4B02-8FF4-F94A1D49E6AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h17:*:*:*:*:*:*","matchCriteriaId":"8FAE17BB-7938-41D0-8D62-46F829C647BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h18:*:*:*:*:*:*","matchCriteriaId":"2682D64E-79A4-4522-8742-7EF1637764AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h19:*:*:*:*:*:*","matchCriteriaId":"6DA5A0AD-C4FB-4210-8651-F94F2875A0EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h2:*:*:*:*:*:*","matchCriteriaId":"45D633D7-A4B5-4D68-9BAB-D9BA25877F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h20:*:*:*:*:*:*","matchCriteriaId":"B79DB477-A907-4300-A651-16F93880B049"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h21:*:*:*:*:*:*","matchCriteriaId":"AF74D8FA-677F-484D-9338-A1761614FFD6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h22:*:*:*:*:*:*","matchCriteriaId":"F9FC5118-4056-4E22-A1F0-D6FFA2B88472"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h23:*:*:*:*:*:*","matchCriteriaId":"5E7A808F-F52F-4786-950C-591CCADB2EE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h25:*:*:*:*:*:*","matchCriteriaId":"0CA82012-AA59-44C1-BB9D-0B28764D507E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h29:*:*:*:*:*:*","matchCriteriaId":"27233F80-A620-42D3-927D-4FCDE6345456"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h3:*:*:*:*:*:*","matchCriteriaId":"63729FA6-ED2A-4593-9436-232F282A0A78"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h32:*:*:*:*:*:*","matchCriteriaId":"33BF6023-0112-49BB-B378-6F4022B6A028"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h33:*:*:*:*:*:*","matchCriteriaId":"00F43B36-8EB6-4703-8C1E-A836B06767FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h34:*:*:*:*:*:*","matchCriteriaId":"6F6C4DE2-32FC-42C4-87E6-FCAD39322740"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h4:*:*:*:*:*:*","matchCriteriaId":"F39792EF-61B5-4874-9FD0-7544F8C5C0D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h6:*:*:*:*:*:*","matchCriteriaId":"4A06B6F4-DCAE-4115-93D4-25D0A37AAB9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:h7:*:*:*:*:*:*","matchCriteriaId":"91529C45-FA55-4844-A153-682F729F440D"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:-:*:*:*:*:*:*","matchCriteriaId":"A92886DF-C989-47AD-8F68-8F468BBC6E57"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h1:*:*:*:*:*:*","matchCriteriaId":"9893920B-A00E-4890-A897-EE1CF0751BA0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h10:*:*:*:*:*:*","matchCriteriaId":"D1289923-12D8-4FDD-B18B-C52516F14922"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h12:*:*:*:*:*:*","matchCriteriaId":"AFC923D7-672D-4556-8344-BBD285324067"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h21:*:*:*:*:*:*","matchCriteriaId":"E1510DE9-04A3-4E08-872D-C0F6041BCFCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h25:*:*:*:*:*:*","matchCriteriaId":"2FA04925-5B8A-439E-AECD-1BDFD83F69C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h26:*:*:*:*:*:*","matchCriteriaId":"424C66D4-97F6-408A-B3AE-FE1A90E3ACE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h27:*:*:*:*:*:*","matchCriteriaId":"8AC1F50E-E6C2-4008-9955-7473DB169171"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h28:*:*:*:*:*:*","matchCriteriaId":"6748CF45-9C54-4BB8-936D-C96F0FCA71BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h4:*:*:*:*:*:*","matchCriteriaId":"31CD3B15-2CE0-404A-9542-9C39B8E71027"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h5:*:*:*:*:*:*","matchCriteriaId":"0194DA0B-041A-4810-8BFB-2308290517B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h7:*:*:*:*:*:*","matchCriteriaId":"69E64D86-034F-4BC7-9A4E-2703D834EBC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.10:h9:*:*:*:*:*:*","matchCriteriaId":"B992628F-1114-4FC8-9364-800ACE997044"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:-:*:*:*:*:*:*","matchCriteriaId":"9223B0D4-6194-4684-8EF4-84A0EF511D8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h1:*:*:*:*:*:*","matchCriteriaId":"CB16C018-2B70-4F4D-9025-69FF82CD40F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h2:*:*:*:*:*:*","matchCriteriaId":"1259B519-130D-4584-86AA-E4EA1E89ACB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h3:*:*:*:*:*:*","matchCriteriaId":"0DCA6D54-E623-4985-B35F-AC98299828EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h5:*:*:*:*:*:*","matchCriteriaId":"8EF755C9-3BCE-4194-A74E-7D12F524929A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h6:*:*:*:*:*:*","matchCriteriaId":"7736DCE5-2943-4EF6-B9D3-B69CB59DB078"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h7:*:*:*:*:*:*","matchCriteriaId":"D9BA69E2-F499-422B-B07B-5211EF79EBEB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.1.13:h8:*:*:*:*:*:*","matchCriteriaId":"56E49A3E-D380-4243-B587-3E1519C0A40F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.4","matchCriteriaId":"7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.5","versionEndExcluding":"11.2.7","matchCriteriaId":"A52983E4-71BF-46D7-8A4A-D199F7DCAA36"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.8","versionEndExcluding":"11.2.10","matchCriteriaId":"85010E8F-E824-4C69-9B59-58DB01789ECB"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.11","versionEndExcluding":"11.2.13","matchCriteriaId":"EF47F7BA-3C75-4BE4-A82A-17F4D6880507"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*","matchCriteriaId":"C01AD190-F3C2-4349-A063-8C5C78B725B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*","matchCriteriaId":"30F4CD1C-6862-4279-8D2D-40B4D164222F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h10:*:*:*:*:*:*","matchCriteriaId":"8137F3AF-BA32-41BC-AD2E-A668FFA33892"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h11:*:*:*:*:*:*","matchCriteriaId":"8C977AF0-D2B0-401A-A7C5-A1C71AC3C072"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h12:*:*:*:*:*:*","matchCriteriaId":"B9C0A53F-2AFE-4B0D-AEC1-464E6001E02F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h14:*:*:*:*:*:*","matchCriteriaId":"D720448D-F40B-4C92-9101-A48AC36C9CBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h15:*:*:*:*:*:*","matchCriteriaId":"5F12F7AC-D5B3-499E-87DA-27427D8BFFC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h17:*:*:*:*:*:*","matchCriteriaId":"37F41E72-9690-4BB2-BD60-0B06A7DE2329"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h18:*:*:*:*:*:*","matchCriteriaId":"34E9893A-7ADF-4556-AA7C-D69162307950"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*","matchCriteriaId":"A52B7A7A-483A-4075-B1E9-5C14B66F7FC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h3:*:*:*:*:*:*","matchCriteriaId":"6E46608E-682E-47B8-B810-8714571286C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h4:*:*:*:*:*:*","matchCriteriaId":"76949F0F-2ADC-492F-83F0-0A1B0E861F97"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h5:*:*:*:*:*:*","matchCriteriaId":"C1DD83BC-4E8E-4C1D-80C7-A6209B4E70CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h6:*:*:*:*:*:*","matchCriteriaId":"73888909-64C5-41BC-BAE0-BD9BDEEAF723"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h7:*:*:*:*:*:*","matchCriteriaId":"E7861D82-815D-4894-9E11-1B6B1E66CDEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h8:*:*:*:*:*:*","matchCriteriaId":"D269E33D-9A79-40CC-B79A-C9A398AB7AFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h9:*:*:*:*:*:*","matchCriteriaId":"9762E441-856F-466F-812C-798CA2EEF965"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:-:*:*:*:*:*:*","matchCriteriaId":"0A25C9D9-BC83-49AE-BEE7-EF05F8336B01"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h1:*:*:*:*:*:*","matchCriteriaId":"A93C2B58-EC78-4C3D-89FF-35D9C489E39F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h10:*:*:*:*:*:*","matchCriteriaId":"A32E35C0-913E-4348-8AD4-E1F169C40C92"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h11:*:*:*:*:*:*","matchCriteriaId":"39112398-2A93-4E26-A7DF-0E3FA81C5130"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h12:*:*:*:*:*:*","matchCriteriaId":"C88442D1-599F-411D-B7A2-E17AA839F177"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h13:*:*:*:*:*:*","matchCriteriaId":"B3B538CC-6EA0-4555-B828-18A55997F454"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h14:*:*:*:*:*:*","matchCriteriaId":"A50BD9F2-F961-4ACE-9FDB-456E92692AE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h15:*:*:*:*:*:*","matchCriteriaId":"DF22EEA1-B00E-4A5F-87FB-60AD7A5A762B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h16:*:*:*:*:*:*","matchCriteriaId":"825D883D-FB41-4E92-A6B5-EB34BFE36A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h17:*:*:*:*:*:*","matchCriteriaId":"2F4B0A4F-18B6-40F7-8445-9B51CF3E9AA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h2:*:*:*:*:*:*","matchCriteriaId":"D12C3EB6-842E-4378-896C-FDBB2BC75D10"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h3:*:*:*:*:*:*","matchCriteriaId":"86B41903-FF08-454D-B626-184CB73B122E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h4:*:*:*:*:*:*","matchCriteriaId":"396DC378-7716-40F6-88A4-99299A16CAF1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h7:*:*:*:*:*:*","matchCriteriaId":"5E5C6E3A-262C-4212-B21C-00E8079AA8CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.7:h8:*:*:*:*:*:*","matchCriteriaId":"4C855108-D3C9-4DE3-B9F4-9735A0A439AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:-:*:*:*:*:*:*","matchCriteriaId":"051673AB-50BF-4DD0-8679-F5825520241A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h1:*:*:*:*:*:*","matchCriteriaId":"BAC15D8A-83CA-413F-BA2B-17EC2B169F6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h10:*:*:*:*:*:*","matchCriteriaId":"FEAE5273-8618-4DDF-810E-37BF0EDE970B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h2:*:*:*:*:*:*","matchCriteriaId":"70B3EB0C-87F1-46C2-B95C-C5808E473BD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h3:*:*:*:*:*:*","matchCriteriaId":"073BF631-451B-4DFC-B23C-F0F68C2450F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h4:*:*:*:*:*:*","matchCriteriaId":"13AA1BEF-F2F6-4534-89F3-DF4E79217978"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h5:*:*:*:*:*:*","matchCriteriaId":"CBFDE611-4981-4D92-ABAF-858DF132535F"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h6:*:*:*:*:*:*","matchCriteriaId":"AAEA66F4-81AC-49C3-81B1-65EF5F16951A"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h7:*:*:*:*:*:*","matchCriteriaId":"09187411-13D4-4F5C-AF42-0716F3C96129"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h8:*:*:*:*:*:*","matchCriteriaId":"019D37D8-94E4-4228-BCE3-A08E842AE1D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:11.2.10:h9:*:*:*:*:*:*","matchCriteriaId":"7FE1FC3F-8682-4AB8-BF98-33783263952E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.2","versionEndExcluding":"12.1.4","matchCriteriaId":"43E1ADA0-0B71-4C1D-B53E-AA063BBCB827"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.5","versionEndExcluding":"12.1.7","matchCriteriaId":"D1EA4C4A-D7DC-4A63-B109-9C9328772E9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:-:*:*:*:*:*:*","matchCriteriaId":"8C1ADE94-3F05-48EE-94E0-FD6EB682705C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h2:*:*:*:*:*:*","matchCriteriaId":"F727C18E-1C8D-448A-954C-073294FBC65C"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h3:*:*:*:*:*:*","matchCriteriaId":"7E492BE6-EB2E-4616-85EA-3B389741301B"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h5:*:*:*:*:*:*","matchCriteriaId":"E5F85240-989D-4E2D-B2D0-F0F35E0590A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h6:*:*:*:*:*:*","matchCriteriaId":"3D64D659-40F8-4A02-8385-954BE50C22CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.4:h7:*:*:*:*:*:*","matchCriteriaId":"2320DB49-D6E3-44D1-AE4C-F1312CA542CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.7:-:*:*:*:*:*:*","matchCriteriaId":"CFE9B2D8-346B-4FC3-AFC8-3DC715B7C044"},{"vulnerable":true,"criteria":"cpe:2.3:o:paloaltonetworks:pan-os:12.1.7:h1:*:*:*:*:*:*","matchCriteriaId":"5D8051BF-DCD1-4AFD-B5C7-97D0AF135C6E"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49866","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:49.137","lastModified":"2026-07-10T19:10:59.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronously iterate roughly 180,000 message IDs per 4 MB frame and block the Node.js event loop. This issue is fixed in version 16.0.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"libp2p","product":"js-libp2p","versions":[{"version":"< 16.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:37:59.412018Z","id":"CVE-2026-49866","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/libp2p/js-libp2p/commit/773dd80ded24dbd6b19e675c89fd2f3b45f2d899","source":"security-advisories@github.com"},{"url":"https://github.com/libp2p/js-libp2p/pull/3520","source":"security-advisories@github.com"},{"url":"https://github.com/libp2p/js-libp2p/releases/tag/gossipsub-v16.0.0","source":"security-advisories@github.com"},{"url":"https://github.com/libp2p/js-libp2p/security/advisories/GHSA-cwc9-cp4j-mcvv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54527","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:49.273","lastModified":"2026-07-10T19:05:27.310","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader() method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff in the Git History tab. This issue is fixed in version 0.54.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jupyterlab","product":"jupyterlab-git","versions":[{"version":">= 0.30.0b3, < 0.54.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:15:09.351241Z","id":"CVE-2026-54527","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/jupyterlab/jupyterlab-git/commit/c6d37b88f36aa59aee317930b95e427fb9d6b09b","source":"security-advisories@github.com"},{"url":"https://github.com/jupyterlab/jupyterlab-git/releases/tag/v0.54.0","source":"security-advisories@github.com"},{"url":"https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-f962-v9hr-pfg5","source":"security-advisories@github.com"},{"url":"https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-f962-v9hr-pfg5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54528","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:49.407","lastModified":"2026-07-10T19:03:20.407","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase() in GitHandler.prepare() in jupyterlab_git/handlers.py to enforce excluded_paths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded directories. This issue is fixed in version 0.54.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jupyterlab","product":"jupyterlab-git","versions":[{"version":"< 0.54.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:04:29.311015Z","id":"CVE-2026-54528","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-178"}]}],"references":[{"url":"https://github.com/jupyterlab/jupyterlab-git/commit/460035275b5963dc96e364e60ba6a73717fbd033","source":"security-advisories@github.com"},{"url":"https://github.com/jupyterlab/jupyterlab-git/releases/tag/v0.54.0","source":"security-advisories@github.com"},{"url":"https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-436q-jwfr-rm2h","source":"security-advisories@github.com"},{"url":"https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-436q-jwfr-rm2h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54590","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:49.523","lastModified":"2026-07-10T19:22:24.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig._set_tokens that blocks /, , and .. before %u substitution in AuthorizedKeysFile but does not block a leading ~ or ${ENV}, allowing later expansion in _expand_val and Path(filename).expanduser() to escape the intended authorized-keys directory. This issue is fixed in version 2.23.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ronf","product":"asyncssh","versions":[{"version":"< 2.23.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:00:13.292812Z","id":"CVE-2026-54590","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/ronf/asyncssh/commit/3d515ba9ba0cd9990d248bdf62bcf05d51261a88","source":"security-advisories@github.com"},{"url":"https://github.com/ronf/asyncssh/releases/tag/v2.23.1","source":"security-advisories@github.com"},{"url":"https://github.com/ronf/asyncssh/security/advisories/GHSA-qr67-gv47-xwwh","source":"security-advisories@github.com"},{"url":"https://github.com/ronf/asyncssh/security/advisories/GHSA-qr67-gv47-xwwh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54591","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:49.657","lastModified":"2026-07-10T19:10:59.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../ traversal sequences because _parse_cd_args in scp.py returns server-provided names verbatim and _recv_files joins them to the destination path without enforcing the target directory boundary. This issue is fixed in version 2.23.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ronf","product":"asyncssh","versions":[{"version":"< 2.23.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:21:05.079234Z","id":"CVE-2026-54591","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/ronf/asyncssh/commit/d730803b8e4e94c20c7580d90f94d1e05f9f58de","source":"security-advisories@github.com"},{"url":"https://github.com/ronf/asyncssh/releases/tag/v2.23.1","source":"security-advisories@github.com"},{"url":"https://github.com/ronf/asyncssh/security/advisories/GHSA-2wxc-x7rj-hg8f","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55195","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:49.840","lastModified":"2026-07-10T19:06:45.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress() extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expands to 100 MB to exhaust disk or memory before extraction completes. This issue is fixed in version 1.1.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"miurahr","product":"py7zr","versions":[{"version":"< 1.1.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:05:14.472398Z","id":"CVE-2026-55195","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"references":[{"url":"https://github.com/miurahr/py7zr/commit/28faf107b64374fa5a02bfb93aa2024e281ca97b","source":"security-advisories@github.com"},{"url":"https://github.com/miurahr/py7zr/releases/tag/v1.1.3","source":"security-advisories@github.com"},{"url":"https://github.com/miurahr/py7zr/security/advisories/GHSA-gjrg-mpp7-g774","source":"security-advisories@github.com"},{"url":"https://github.com/miurahr/py7zr/security/advisories/GHSA-gjrg-mpp7-g774","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55206","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:49.987","lastModified":"2026-07-10T19:07:46.400","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo._read() in archiveinfo.py used an O(n^2) cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted .7z archive to cause excessive CPU consumption during SevenZipFile.init() before extraction. This issue is fixed in version 1.1.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"miurahr","product":"py7zr","versions":[{"version":"< 1.1.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:26:52.381780Z","id":"CVE-2026-55206","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"references":[{"url":"https://github.com/miurahr/py7zr/commit/d7aa3a197d15c75a65b24f796d3a69f83806d3f8","source":"security-advisories@github.com"},{"url":"https://github.com/miurahr/py7zr/releases/tag/v1.1.3","source":"security-advisories@github.com"},{"url":"https://github.com/miurahr/py7zr/security/advisories/GHSA-h4gh-22qq-72r7","source":"security-advisories@github.com"},{"url":"https://github.com/miurahr/py7zr/security/advisories/GHSA-h4gh-22qq-72r7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55542","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:50.117","lastModified":"2026-07-10T19:48:18.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the `authorize()` call used by the local-file branch. Version 8.6.1 contains a patch."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"grokability","product":"snipe-it","versions":[{"version":"< 8.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:27:48.122702Z","id":"CVE-2026-55542","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*","versionEndExcluding":"8.6.0","matchCriteriaId":"698F7E88-EE9A-464A-AB75-BFD87E4AF0D2"}]}]}],"references":[{"url":"https://github.com/grokability/snipe-it/commit/ded6515cbc27a28f07395da318483c2e96263259","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/grokability/snipe-it/security/advisories/GHSA-6mmj-jhqj-6c6q","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55596","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:50.247","lastModified":"2026-07-10T19:06:45.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as a javascript: iframe source that the registry MediaEmbedElement renders directly as an iframe src when a victim opens the document. This issue is fixed in version 53.1.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"udecode","product":"plate","versions":[{"version":">= 53.0.0, < 53.1.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:40:39.729677Z","id":"CVE-2026-55596","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/udecode/plate/commit/6214914ca811adf22d0ad503154494216eed68ba","source":"security-advisories@github.com"},{"url":"https://github.com/udecode/plate/pull/5014","source":"security-advisories@github.com"},{"url":"https://github.com/udecode/plate/releases/tag/v53.1.4","source":"security-advisories@github.com"},{"url":"https://github.com/udecode/plate/security/advisories/GHSA-qj6x-xx2h-8hvv","source":"security-advisories@github.com"},{"url":"https://github.com/udecode/plate/security/advisories/GHSA-qj6x-xx2h-8hvv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55778","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:50.387","lastModified":"2026-07-10T19:06:45.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.11 and 8.6.81, the default fileUpload.fileExtensions blocklist could be bypassed by uploading a file with a non-standard or compound extension and dangerous content type, allowing storage adapters such as S3 and GCS to serve attacker-supplied active content and enable stored cross-site scripting. This issue is fixed in versions 9.9.1-alpha.11 and 8.6.81."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"parse-community","product":"parse-server","versions":[{"version":">= 9.0.0-alpha.1, < 9.9.1-alpha.11","status":"affected"},{"version":"< 8.6.81","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:39:32.908358Z","id":"CVE-2026-55778","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/parse-community/parse-server/commit/97c6a78d19f976ec756c1295f08a8fccab90799a","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/commit/be12a60d65b6e140481882037fb896b1f951df50","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/pull/10505","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/pull/10506","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.81","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/releases/tag/9.9.1-alpha.11","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-v8x7-r927-cc93","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56669","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:50.690","lastModified":"2026-07-10T19:10:59.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of unique key-value pairs and allowing CPU exhaustion. This issue is fixed in version 1.4.29."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"elysiajs","product":"elysia","versions":[{"version":"< 1.4.29","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:01:58.719561Z","id":"CVE-2026-56669","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"},{"lang":"en","value":"CWE-436"}]}],"references":[{"url":"https://gist.github.com/jviide/ea040eabe7bac058326174e2cd42dfd9","source":"security-advisories@github.com"},{"url":"https://github.com/elysiajs/elysia/commit/8358ff9efbcedf9534995f5977f26b9ceab59329","source":"security-advisories@github.com"},{"url":"https://github.com/elysiajs/elysia/releases/tag/1.4.29","source":"security-advisories@github.com"},{"url":"https://github.com/elysiajs/elysia/security/advisories/GHSA-9643-4qgh-g8mx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57480","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:50.890","lastModified":"2026-07-10T19:07:46.400","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.12 and 8.6.82, deeply nested $or, $and, and $nor query condition operators in the REST API or LiveQuery query handling could trigger exponential-time processing in the internal query-traversal helper and block the Node.js event loop. This issue is fixed in versions 9.9.1-alpha.12 and 8.6.82."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"parse-community","product":"parse-server","versions":[{"version":">= 9.0.0-alpha.1, < 9.9.1-alpha.12","status":"affected"},{"version":"< 8.6.82","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:43:00.734926Z","id":"CVE-2026-57480","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"references":[{"url":"https://github.com/parse-community/parse-server/commit/0f5d2ad77b422dc904458254548be87397fc6e9b","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/commit/1103c7a890e0455ba3dccd4bc5db17efe1789c9a","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/pull/10511","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/pull/10512","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.82","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/releases/tag/9.9.1-alpha.12","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-cgxm-vr2f-6fj8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57481","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:51.043","lastModified":"2026-07-10T19:07:46.400","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.13 and 8.6.83, a LiveQuery subscriber could receive object field values they were not authorized to read when a single save changed both an object field and the subscriber's ACL read access, because leave and enter events included the wrong object state. This issue is fixed in versions 9.9.1-alpha.13 and 8.6.83."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"parse-community","product":"parse-server","versions":[{"version":">= 9.0.0-alpha.1, < 9.9.1-alpha.13","status":"affected"},{"version":"< 8.6.83","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:14:06.415177Z","id":"CVE-2026-57481","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/parse-community/parse-server/commit/c9b24cecfee76d8563019adaacbcbd78471dc41e","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/commit/e9c85dfe40a866a55ebae3b6ae56285ac0a22e64","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/pull/10515","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/pull/10516","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/releases/tag/8.6.83","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/releases/tag/9.9.1-alpha.13","source":"security-advisories@github.com"},{"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-97pr-9hgg-3p8r","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-58191","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:52.013","lastModified":"2026-07-10T19:13:03.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 10.7.0, Appium's base-driver unconditionally mounts the /test/guinea-pig, /test/guinea-pig-scrollable, and /test/guinea-pig-app-banner routes, and compileLodashTemplate reflects the throwError query parameter, comments POST field, and User-Agent request header into HTML without escaping, allowing reflected cross-site scripting and arbitrary JavaScript execution on the server origin. This issue is fixed in version 10.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"appium","product":"appium","versions":[{"version":"< 10.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:21:03.360978Z","id":"CVE-2026-58191","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-489"}]}],"references":[{"url":"https://github.com/appium/appium/security/advisories/GHSA-3wgp-x9p5-c7cc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-58192","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:52.150","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 1.1.6, the Appium storage plugin exposes POST /storage/delete, whose handler passes the user-supplied name value directly into path.join(storageRoot, name) and fs.rimraf() without path sanitization, allowing an unauthenticated remote client to escape the storage root with ../ sequences and recursively delete arbitrary writable files or directories. This issue is fixed in version 1.1.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"appium","product":"appium","versions":[{"version":"< 1.1.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:11:43.271551Z","id":"CVE-2026-58192","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/appium/appium/commit/5fee01752f2782e96fbe64fd13520b433d4a7535","source":"security-advisories@github.com"},{"url":"https://github.com/appium/appium/pull/22362","source":"security-advisories@github.com"},{"url":"https://github.com/appium/appium/releases/tag/%40appium/storage-plugin%401.1.6","source":"security-advisories@github.com"},{"url":"https://github.com/appium/appium/security/advisories/GHSA-jwgx-mp9m-jwcr","source":"security-advisories@github.com"},{"url":"https://github.com/appium/appium/security/advisories/GHSA-jwgx-mp9m-jwcr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58494","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T21:16:54.000","lastModified":"2026-07-10T19:10:59.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite host files exposed as FilePerms::READ through wasip1, wasip2, or wasip3 filesystem interfaces. This issue is fixed in versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"bytecodealliance","product":"wasmtime","versions":[{"version":"< 24.0.11","status":"affected"},{"version":">= 25.0.0, < 36.0.12","status":"affected"},{"version":">= 37.0.0, < 45.0.3","status":"affected"},{"version":">= 46.0.0, < 46.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:28:46.718754Z","id":"CVE-2026-58494","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-281"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/bytecodealliance/wasmtime/commit/5ddfd5f1ef28f2041fa07d237ad0336e167b0e0c","source":"security-advisories@github.com"},{"url":"https://github.com/bytecodealliance/wasmtime/commit/7db94cdcf0c79cb3dfde884b534b653f2dd83367","source":"security-advisories@github.com"},{"url":"https://github.com/bytecodealliance/wasmtime/commit/8a250aac0962ca1364b5f16525720e9d0b39edcd","source":"security-advisories@github.com"},{"url":"https://github.com/bytecodealliance/wasmtime/commit/d3ceb56ec35f39e02496eeb4e2d9c7f4fb964d9e","source":"security-advisories@github.com"},{"url":"https://github.com/bytecodealliance/wasmtime/releases/tag/v24.0.11","source":"security-advisories@github.com"},{"url":"https://github.com/bytecodealliance/wasmtime/releases/tag/v36.0.12","source":"security-advisories@github.com"},{"url":"https://github.com/bytecodealliance/wasmtime/releases/tag/v45.0.3","source":"security-advisories@github.com"},{"url":"https://github.com/bytecodealliance/wasmtime/releases/tag/v46.0.1","source":"security-advisories@github.com"},{"url":"https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44025","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:14.473","lastModified":"2026-07-10T19:01:51.670","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor Agent plugin in_monitor_agent exposes internal metrics and plugin information via a REST API, and responses from /api/plugins.json and related endpoints unintentionally include internal instance variables that may contain database passwords, API keys, or cloud credentials. This issue is fixed in version 1.19.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"fluent","product":"fluentd","versions":[{"version":"< 1.19.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:47:05.851155Z","id":"CVE-2026-44025","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/fluent/fluentd/commit/990921518971699b9a97441970674d1800e29177","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/pull/5392","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/releases/tag/v1.19.3","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/security/advisories/GHSA-pr7j-96cj-549h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48492","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:14.870","lastModified":"2026-07-10T19:46:50.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated permissions are required. This exposes usernames, display names, employee numbers, and user IDs for every active account in the system if FMCS is not enabled, and within the company they belong to if FMCS is enabled. Version 8.6.1 contains a patch."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"grokability","product":"snipe-it","versions":[{"version":"< 8.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:17:23.239977Z","id":"CVE-2026-48492","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*","versionEndExcluding":"8.6.0","matchCriteriaId":"698F7E88-EE9A-464A-AB75-BFD87E4AF0D2"}]}]}],"references":[{"url":"https://github.com/grokability/snipe-it/commit/4f943d4a7ab8e53f3d9e32770602d1118bab005f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/grokability/snipe-it/security/advisories/GHSA-f3c5-6cw8-fg57","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55470","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:15.377","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched the DSTU2 module, leaving FHIRPathEngine.matches() in org.hl7.fhir.dstu2/utils/FHIRPathEngine.java to call raw String.matches(sw) without RegexTimeout protection while replaceMatches() was updated, allowing an unauthenticated attacker to trigger catastrophic regex backtracking and exhaust server CPU. This issue is fixed in version 6.9.10."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hapifhir","product":"org.hl7.fhir.core","versions":[{"version":"< 6.9.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:58:52.590744Z","id":"CVE-2026-55470","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://github.com/hapifhir/org.hl7.fhir.core/commit/56376f7986222626af061ca7fc27ee1ab030e590","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.9.10","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-fxj4-p9xp-37v5","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-fxj4-p9xp-37v5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55471","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:15.520","lastModified":"2026-07-10T18:01:31.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform(...) overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl() without ACCESS_EXTERNAL_DTD or ACCESS_EXTERNAL_STYLESHEET restrictions, allowing an attacker who controls or can tamper with transformed XML to trigger XML External Entity injection for local file disclosure and blind XXE or SSRF to arbitrary URLs reachable from the host. This issue is fixed in version 6.9.10."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hapifhir","product":"org.hl7.fhir.core","versions":[{"version":"< 6.9.10","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:26:09.323278Z","id":"CVE-2026-55471","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://github.com/hapifhir/org.hl7.fhir.core/commit/01ca2ecdefec9b33204d2495fe78af8c0dc52298","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.9.10","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-2f55-g35j-5jmf","source":"security-advisories@github.com"},{"url":"https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-2f55-g35j-5jmf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55830","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:15.653","lastModified":"2026-07-10T19:06:45.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted positional-only arguments, allowing __getattr__, _getitem_, _write_, or _print_ to be shadowed by a local parameter and bypass the embedding application's access policy. This issue is fixed in version 8.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zopefoundation","product":"RestrictedPython","versions":[{"version":"< 8.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.7,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:46:05.231227Z","id":"CVE-2026-55830","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/zopefoundation/RestrictedPython/commit/3737596ec9f28c34a073cc845bd2f4c0a80cb671","source":"security-advisories@github.com"},{"url":"https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-ffg3-p8fm-mjx2","source":"security-advisories@github.com"},{"url":"https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-ffg3-p8fm-mjx2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55849","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:15.783","lastModified":"2026-07-10T19:15:21.853","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npm_execpath is unset or empty, allowing arbitrary OS command execution with the privileges of the invoking user. This issue is fixed in version 5.0.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"CycloneDX","product":"cyclonedx-node-npm","versions":[{"version":">= 2.1.0, < 5.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:36:34.180471Z","id":"CVE-2026-55849","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/CycloneDX/cyclonedx-node-npm/commit/9f646253f4263d8644dadb86e5597fad996f688f","source":"security-advisories@github.com"},{"url":"https://github.com/CycloneDX/cyclonedx-node-npm/pull/1476","source":"security-advisories@github.com"},{"url":"https://github.com/CycloneDX/cyclonedx-node-npm/releases/tag/v5.0.0","source":"security-advisories@github.com"},{"url":"https://github.com/CycloneDX/cyclonedx-node-npm/security/advisories/GHSA-v75r-vx73-82pj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55877","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:15.920","lastModified":"2026-07-10T19:13:03.283","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux_icon() Twig function is marked is_safe=['html'] and Icon::toHtml() inlines SVG source verbatim, allowing unsanitized local SVG files or Iconify on-demand JSON body responses containing nested script elements, on* event handlers, or dangerous URL schemes to execute cross-site scripting. This issue is fixed in versions 2.36.1 and 3.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"symfony","product":"ux","versions":[{"version":">= 2.17.0, < 2.36.1","status":"affected"},{"version":">= 3.0.0, < 3.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:21:00.657899Z","id":"CVE-2026-55877","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/symfony/ux/commit/3a4964ec3700f0af4e13f7bfbf8bb3174c3e79d1","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v2.36.1","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v3.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/security/advisories/GHSA-6v8j-33hc-mv84","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55878","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T22:17:16.050","lastModified":"2026-07-10T19:10:59.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative() accepts paths like ../../../etc, a crafted or compromised kit can write attacker-controlled content to arbitrary locations or read local files outside the recipe directory. This issue is fixed in versions 2.36.1 and 3.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"symfony","product":"ux","versions":[{"version":">= 2.32.0, < 2.36.1","status":"affected"},{"version":">= 3.0.0, < 3.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:18:56.012444Z","id":"CVE-2026-55878","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/symfony/ux/commit/7b4ddf3764bf269a1b5fde5bf03c4bce568694e4","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v2.36.1","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/releases/tag/v3.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/symfony/ux/security/advisories/GHSA-p9xj-fpr2-jf2q","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54773","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T23:16:54.960","lastModified":"2026-07-10T15:16:41.373","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"CoreWCF","product":"CoreWCF","versions":[{"version":">= 1.9.0, < 1.9.1","status":"affected"},{"version":"< 1.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:12.419821Z","id":"CVE-2026-54773","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1","source":"security-advisories@github.com"},{"url":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-jc6x-rj79-w4mx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59723","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T23:16:56.440","lastModified":"2026-07-10T19:17:58.040","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOM_SECRET is unset for local 127.0.0.1 binds, isAuthorizedBrowserRequest() allows attacker-controlled websites to send desktopCommand frames that read workspace state, mutate MCP and provider settings, and trigger command execution when a provider or model is configured. This issue is fixed in version 3.0.30."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cline","product":"cline","versions":[{"version":"< 3.0.30","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T00:00:00+00:00","id":"CVE-2026-59723","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://github.com/cline/cline/commit/d09270940f5746f288cfc4a5039b46a2f4d5d01e","source":"security-advisories@github.com"},{"url":"https://github.com/cline/cline/pull/11724","source":"security-advisories@github.com"},{"url":"https://github.com/cline/cline/releases/tag/cli-v3.0.30","source":"security-advisories@github.com"},{"url":"https://github.com/cline/cline/security/advisories/GHSA-3cj3-hqcr-g934","source":"security-advisories@github.com"},{"url":"https://github.com/cline/cline/security/advisories/GHSA-3cj3-hqcr-g934","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56458","sourceIdentifier":"psirt@hcl.com","published":"2026-07-09T10:16:26.967","lastModified":"2026-07-10T16:00:03.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"HCL DevOps Deploy","defaultStatus":"unaffected","versions":[{"version":"8.1-8.1.2.6, 8.2-8.2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:34:18.620355Z","id":"CVE-2026-56458","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-942"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.0","versionEndExcluding":"8.1.2.7","matchCriteriaId":"887DBB0F-75F9-4D4E-ABE7-0346291F5F07"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0.0","versionEndExcluding":"8.2.2.0","matchCriteriaId":"B77F76EE-7E45-43CA-B92F-2D3E770E7459"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131695","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56459","sourceIdentifier":"psirt@hcl.com","published":"2026-07-09T10:16:27.093","lastModified":"2026-07-10T15:55:49.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure.  The application stores potentially sensitive information in log files that could be read by a local user."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"HCL DevOps Deploy / HCL Launch","defaultStatus":"unaffected","versions":[{"version":"7.3-7.3.2.18, 8.0-8.0.1.13, 8.1-8.1.2.6, 8.2-8.2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T12:37:02.972180Z","id":"CVE-2026-56459","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndExcluding":"8.0.1.14","matchCriteriaId":"268184CF-7A79-494C-BAA7-DDD43572A611"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.0","versionEndExcluding":"8.1.2.7","matchCriteriaId":"887DBB0F-75F9-4D4E-ABE7-0346291F5F07"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_devops_deploy:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0.0","versionEndExcluding":"8.2.2.0","matchCriteriaId":"B77F76EE-7E45-43CA-B92F-2D3E770E7459"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0.0","versionEndExcluding":"7.3.2.19","matchCriteriaId":"D3CD5E06-0635-40CE-BD51-1A77EE96EF12"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131696","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12593","sourceIdentifier":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","published":"2026-07-09T14:16:26.713","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{user}/tokens) forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so.\n\n\n\n\n\nPrecondition for successful exploitation was a preexisting internal user (with more privileges than the attacker), the attacker knowing its login name and the attacker being able to authenticate to the Dashboard via OAuth/OIDC. The attacker would then have had to forge a token creation API request on behalf of the other user and could have authenticated and finalized the token creation with their own OAuth/OIDC credentials. In the worst case, this would mean an attacker could have become Dashboard Administrator and been able to perform all administrative actions if the preexisting internal user had administrative privileges. In combination with a separate weakness, this could have further led to code execution on the host system running the Dashboard with the privileges of the OS-User running the Dashboard server."}],"affected":[{"source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","affectedData":[{"vendor":"Qt","product":"Axivion","defaultStatus":"unaffected","modules":["Dashboard OIDC/OAuth2/SSO subsystem"],"versions":[{"version":"7.8.5","lessThanOrEqual":"7.8.12","versionType":"custom","status":"affected"},{"version":"7.9.0","lessThan":"7.9.13","versionType":"custom","status":"affected"},{"version":"7.10.0","lessThan":"7.10.11","versionType":"custom","status":"affected"},{"version":"7.11.0","lessThan":"7.11.7","versionType":"custom","status":"affected"},{"version":"7.12.0","lessThan":"7.12.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:20:08.451329Z","id":"CVE-2026-12593","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://wiki.qt.io/List_of_known_vulnerabilities_in_Qt_products#CVE-2026-12593","source":"a59d8014-47c4-4630-ab43-e1b13cbe58e3"}]}},{"cve":{"id":"CVE-2026-60094","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T14:16:35.247","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked body_len field to the agentlink_server service. Attackers can craft a malicious packet that passes an attacker-controlled length directly to recv(), triggering a heap overflow of up to approximately 4 GiB and resulting in process crash or potential memory corruption."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vinchin","product":"Backup & Recovery 9.0","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"9.0.0.86562","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:43:10.187862Z","id":"CVE-2026-60094","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://code-white.com/public-vulnerability-list/","source":"disclosure@vulncheck.com"},{"url":"https://www.vinchin.com/news/vinchin-backup-recovery-9-0.html","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vinchin-backup-recovery-heap-buffer-overflow-via-agentlink-server","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-60095","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T14:16:35.390","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlink_server service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized _listen_uuid field that is measured via strlen() and copied without bounds checking into a fixed-length stack buffer using strcpy(). Attackers can send a crafted request with a malicious _listen_uuid value to corrupt the stack and achieve process crash or potential control flow hijack without requiring authentication."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vinchin","product":"Backup & Recovery 9.0","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"9.0.0.86562","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T13:37:43.304739Z","id":"CVE-2026-60095","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://code-white.com/public-vulnerability-list/","source":"disclosure@vulncheck.com"},{"url":"https://www.vinchin.com/news/vinchin-backup-recovery-9-0.html","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vinchin-backup-recovery-stack-buffer-overflow-via-modulehandshake","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56292","sourceIdentifier":"security@joomla.org","published":"2026-07-09T15:16:37.937","lastModified":"2026-07-10T20:19:47.723","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"acymailing.com","product":"acymailing.com AcyMailing extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0-10.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:38:44.551666Z","id":"CVE-2026-56292","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:acymailing:acymailing:*:*:*:*:*:joomla\\!:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"10.11.1","matchCriteriaId":"74A0980A-A73E-4600-845C-9254A06D0922"}]}]}],"references":[{"url":"https://mysites.guru/blog/acymailing-sql-injection-disclosure/","source":"security@joomla.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.acymailing.com/","source":"security@joomla.org","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-11404","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T16:16:34.640","lastModified":"2026-07-10T18:46:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthenticated attacker can send a single crafted ClientHello with an oversized session id length to read past the receive buffer, crashing any HTTPS, MQTTS, or WSS service built on MG_TLS_BUILTIN."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cesanta","product":"Mongoose","defaultStatus":"affected","versions":[{"version":"0","lessThan":"7.22","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T16:09:47.106576Z","id":"CVE-2026-11404","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://github.com/cesanta/mongoose","source":"disclosure@vulncheck.com"},{"url":"https://github.com/cesanta/mongoose/commit/c288ac1f38424ffdd4d2fd5e1893fd4962642db3","source":"disclosure@vulncheck.com"},{"url":"https://github.com/cesanta/mongoose/releases/tag/7.22","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cesanta-mongoose-out-of-bounds-read-in-mg-tls-builtin-clienthello-session-id-parsing","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-15308","sourceIdentifier":"cna@python.org","published":"2026-07-09T17:16:58.260","lastModified":"2026-07-10T20:07:52.327","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The incremental HTML parser (html.parser.HTMLParser) allows for CPU\ndenial-of-service through repeated unterminated markup declarations when\nprocessing uncontrolled data."}],"affected":[{"source":"cna@python.org","affectedData":[{"vendor":"Python Software Foundation","product":"CPython","defaultStatus":"unaffected","modules":["html.parser","html"],"repo":"https://github.com/python/cpython","versions":[{"version":"0","lessThan":"3.15.0","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@python.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:31:19.781935Z","id":"CVE-2026-15308","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@python.org","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionEndExcluding":"3.15.0","matchCriteriaId":"43B0671A-35BB-4EE4-8A68-E79B62A75547"}]}]}],"references":[{"url":"https://github.com/python/cpython/commit/07efb08123ba9367a7107325adb9d5626dca1ca9","source":"cna@python.org","tags":["Patch"]},{"url":"https://github.com/python/cpython/commit/7933f4bf7131aa4140750f9404f5de0aa2969ced","source":"cna@python.org","tags":["Patch"]},{"url":"https://github.com/python/cpython/commit/bcf98ddbc40ec9b3ee87da0124a5660b19b7e606","source":"cna@python.org","tags":["Patch"]},{"url":"https://github.com/python/cpython/commit/e9f92ac0b298292e7ff998e52cb8ccacfb27a0bd","source":"cna@python.org","tags":["Patch"]},{"url":"https://github.com/python/cpython/issues/153030","source":"cna@python.org","tags":["Patch"]},{"url":"https://github.com/python/cpython/pull/153031","source":"cna@python.org","tags":["Issue Tracking","Patch"]},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/F6453LWKSHKCTWFLCOURWPLETNUIW2Z5/","source":"cna@python.org","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/09/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-51597","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.333","lastModified":"2026-07-10T18:51:16.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without knowledge of the device credentials, gaining unauthorized access to the live video stream."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:26:33.701049Z","id":"CVE-2026-51597","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_5th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_5th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51598","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.457","lastModified":"2026-07-10T18:50:20.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n) allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:39:53.433998Z","id":"CVE-2026-51598","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_6th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_6th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51599","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.577","lastModified":"2026-07-10T18:53:55.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding message body. The affected RTSP parser enters a body-waiting state instead of rejecting the malformed request, causing all subsequent data on the connection to be silently consumed as body content until a server-side timeout closes the connection."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:25:30.505749Z","id":"CVE-2026-51599","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_7th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/MERCURY_MIPC252W/MERCURY_MIPC252W_7th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51600","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.693","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests (including DESCRIBE, SETUP, and PLAY methods). When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting state, causing the affected TCP connection to become permanently non-functional. The device does not actively close the connection, resulting in a TCP resource leak. This issue can be exploited by an unauthenticated remote attacker to cause a denial-of-service condition."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:42:46.812864Z","id":"CVE-2026-51600","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-703"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0/Tenda_CP3_V3.0_1th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0/Tenda_CP3_V3.0_1th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51601","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.810","lastModified":"2026-07-10T18:16:22.480","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handshake can send a PLAY request with an excessively long clock= value to cause the RTSP service to crash."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:24:24.016473Z","id":"CVE-2026-51601","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_2th/README.md","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-51602","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:16:59.930","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL field in the first SETUP request. By supplying a URL consisting of exactly four consecutive repetitions of a valid RTSP URL, an attacker can bypass first-stage format validation and trigger a stack buffer overflow, causing an immediate crash of the RTSP service process and rendering the device inaccessible to all clients on the local network."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:45:35.376992Z","id":"CVE-2026-51602","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_3th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_3th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51603","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:17:00.867","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a valid session ID, the RTSP service's second-stage URL routing parser fails to validate the length of the URL field in the subsequent SETUP request. By supplying a URL consisting of exactly four consecutive repetitions of a valid RTSP URL, an attacker can bypass first-stage format validation and trigger a stack buffer overflow, causing an immediate crash of the RTSP service process and rendering the device inaccessible to all clients on the local network."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:46:53.587832Z","id":"CVE-2026-51603","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_4th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_4th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51604","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:17:00.970","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:34:40.326951Z","id":"CVE-2026-51604","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_6th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_6th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51605","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:17:01.070","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991) allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:37:50.604676Z","id":"CVE-2026-51605","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_7th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_7th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-51606","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T17:17:01.173","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response. This behavior affects the request-line URL field and header field values across multiple RTSP request types."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:50:27.092634Z","id":"CVE-2026-51606","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_5th/README.md","source":"cve@mitre.org"},{"url":"https://github.com/kkkk2222874/cve_ID_report/blob/main/Tenda_CP3_V3.0/Tenda_CP3_V3.0_5th/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53987","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-09T17:17:01.277","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent() without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update rights can set a tag name containing HTML, which then executes in the browser of any user who opens the Kanban view of a ticket, problem, change, or project the tag is attached to."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Tag plugin","product":"GLPI 11","defaultStatus":"unaffected","versions":[{"version":"2.6.0","lessThan":"2.14.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:48:51.132634Z","id":"CVE-2026-53987","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/pluginsGLPI/tag","source":"disclosure@vulncheck.com"},{"url":"https://github.com/pluginsGLPI/tag/commit/49e6b6eb5f83bcd84139a5e5ec54c0ddd14acc90","source":"disclosure@vulncheck.com"},{"url":"https://github.com/pluginsGLPI/tag/releases/tag/2.14.4","source":"disclosure@vulncheck.com"},{"url":"https://github.com/pluginsGLPI/tag/security/advisories/GHSA-6rpj-89c7-x2mh","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-59212","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:01.903","lastModified":"2026-07-10T19:59:36.867","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _verify_knowledge_file_access only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user with read-only knowledge file access to upgrade to file write or delete operations. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":">= 0.9.6, < 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:21:19.508648Z","id":"CVE-2026-59212","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:0.9.6:*:*:*:*:*:*:*","matchCriteriaId":"3A3BDBAE-A293-4D45-AD59-A8924BBEBCB5"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/17df0264929514599dbcb21c6578bcdfa204b04d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/26032","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-2xwm-4h2q-ggfx","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59213","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:02.030","lastModified":"2026-07-10T19:49:23.313","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, get_all_models handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of key_builder, causing permission-filtered per-user model lists to share a static cache entry and exposing one user’s model list to another caller during the TTL window. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":">= 0.6.27, < 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:52:02.458867Z","id":"CVE-2026-59213","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-524"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionStartIncluding":"0.6.27","versionEndExcluding":"0.10.0","matchCriteriaId":"8378007E-9B19-40C9-A6DD-A34617BDC68D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/0fc630b34b2899599dabffffa012afd47599aa75","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/25783","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-3wp3-xxj9-5jqq","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-3wp3-xxj9-5jqq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59214","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:02.177","lastModified":"2026-07-10T19:24:29.937","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue authenticated same-origin requests when a victim clicks Run, which can reach admin-only endpoints and execute server-side code through configured tools. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:12:24.665545Z","id":"CVE-2026-59214","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"9DB3F1BC-1DFD-4289-B2DD-E24AA7B98BA1"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-4r2p-27mh-5m22","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59218","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:02.750","lastModified":"2026-07-10T18:30:58.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than missing-email attempts and allowing unauthenticated account enumeration. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:50:34.890081Z","id":"CVE-2026-59218","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"9DB3F1BC-1DFD-4289-B2DD-E24AA7B98BA1"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/993e74912199c66c522f08ec81abe31d76985e39","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/26385","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-7rw5-9f7q-xj36","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59219","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:02.877","lastModified":"2026-07-10T18:17:21.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0 with Redis configured, Socket.IO connect, user-join, join-channels, join-note, and the terminal websocket first-message authentication used decode_token without the Redis-backed is_valid_token revocation check, allowing revoked JWTs to continue authenticating realtime connections. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":">= 0.9.0, < 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:30:33.951998Z","id":"CVE-2026-59219","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9.0","versionEndExcluding":"0.10.0","matchCriteriaId":"95D3836B-989D-4770-A676-6C74C5424D45"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/33b91bd8ae8a100a5a306c91441a7d0b422c4cde","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory","Exploit"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-855v-hq7w-jmjw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Mitigation","Vendor Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-59220","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:03.040","lastModified":"2026-07-10T18:15:48.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILL_MENTION_RE and strip_re regular expressions in backend/open_webui/utils/middleware.py parsed <$skillId|label> skill mentions with overlapping quantifiers, allowing an authenticated chat message containing <$ without a closing > to trigger quadratic backtracking and block the asyncio event loop. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":">= 0.9.2, < 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T18:44:56.824119Z","id":"CVE-2026-59220","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9.2","versionEndExcluding":"0.10.0","matchCriteriaId":"8C0615CD-2CE5-4805-A9C4-3B867D0844F3"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/61a26722155ec6ee1b629cf8dfcf975098c18331","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-ffpj-xv5c-p3gw","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-ffpj-xv5c-p3gw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59222","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:03.353","lastModified":"2026-07-10T17:43:06.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers[].key and webhook configuration, allowing a normal channel participant to retrieve other users’ sensitive settings. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":">= 0.7.0, < 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:29:10.232667Z","id":"CVE-2026-59222","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionStartIncluding":"0.7.0","versionEndExcluding":"0.10.0","matchCriteriaId":"9A628EE1-DB35-4BAF-88D2-CB406E544135"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/fbcdcf146b99b5002705060a8243eee769108f9e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-gh7p-78x6-jw6m","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-gh7p-78x6-jw6m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59223","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:03.603","lastModified":"2026-07-10T17:39:40.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEB_FETCH_FILTER_LIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL path and sibling-domain matches that did not reflect the intended hostname policy. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T17:52:51.423655Z","id":"CVE-2026-59223","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"9DB3F1BC-1DFD-4289-B2DD-E24AA7B98BA1"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/087878ce848a4d828012068b5997dac480f43656","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/25949","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-qg3f-8x3j-ggf2","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59224","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T17:17:03.770","lastModified":"2026-07-10T15:22:04.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/open_webui/routers/terminals.py built the ws_terminal upstream URL from an unencoded session_id and appended user_id as a query parameter, allowing query injection to make the terminal backend resolve another user identity; the HTTP proxy path also forwarded X-User-Id as an integrity-unbound identity claim. This issue is fixed in version 0.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T00:00:00+00:00","id":"CVE-2026-59224","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.0","matchCriteriaId":"9DB3F1BC-1DFD-4289-B2DD-E24AA7B98BA1"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/commit/5f3a628a8d291bb5d33e1a0b0c89fb62a2927934","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/open-webui/open-webui/pull/26042","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/open-webui/open-webui/releases/tag/v0.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-j657-m4c4-24jq","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59720","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T18:16:57.063","lastModified":"2026-07-10T19:15:15.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without authentication and potentially expose sensitive API data. This issue is fixed in version 2026.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hoppscotch","product":"hoppscotch","versions":[{"version":"< 2026.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T18:28:40.126129Z","id":"CVE-2026-59720","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/hoppscotch/hoppscotch/commit/e4332110d455a3012d5c77a9186bc4aa096e34f2","source":"security-advisories@github.com"},{"url":"https://github.com/hoppscotch/hoppscotch/pull/6410","source":"security-advisories@github.com"},{"url":"https://github.com/hoppscotch/hoppscotch/releases/tag/2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-c68f-wr5p-j6jf","source":"security-advisories@github.com"},{"url":"https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-c68f-wr5p-j6jf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59721","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T18:16:57.200","lastModified":"2026-07-10T19:15:15.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into sendmail transport options, allowing an admin to execute arbitrary commands as root in the backend container after restart and mail sending. This issue is fixed in version 2026.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"hoppscotch","product":"hoppscotch","versions":[{"version":"< 2026.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:12:47.044468Z","id":"CVE-2026-59721","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://github.com/hoppscotch/hoppscotch/commit/73a88c82b1b2cada26cc4b2bc095b54554242239","source":"security-advisories@github.com"},{"url":"https://github.com/hoppscotch/hoppscotch/pull/6413","source":"security-advisories@github.com"},{"url":"https://github.com/hoppscotch/hoppscotch/releases/tag/2026.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-v7q6-r45w-2c6r","source":"security-advisories@github.com"},{"url":"https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-v7q6-r45w-2c6r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59726","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T18:16:57.337","lastModified":"2026-07-10T19:15:15.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminal_execute, obtain a shell in the bridge container, read provider API keys, and poison AgentDB learning-store patterns. This issue is fixed in version 3.16.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ruvnet","product":"ruflo","versions":[{"version":"< 3.16.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T18:43:19.456381Z","id":"CVE-2026-59726","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-942"}]}],"references":[{"url":"https://github.com/ruvnet/ruflo/commit/d00a0a40cd8bdbca877ac7f675f416bdc69accd1","source":"security-advisories@github.com"},{"url":"https://github.com/ruvnet/ruflo/pull/2521","source":"security-advisories@github.com"},{"url":"https://github.com/ruvnet/ruflo/releases/tag/v3.16.3","source":"security-advisories@github.com"},{"url":"https://github.com/ruvnet/ruflo/security/advisories/GHSA-c4hm-4h84-2cf3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2025-63579","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T19:16:57.757","lastModified":"2026-07-10T18:50:20.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be obtained. This affects Kyocera Command Center RX TASKalfa 2552ci, TASKalfa 3252ci, TASKalfa 2553ci, TASKalfa 3253ci, TASKalfa 3554ci, TASKalfa 4052ci, TASKalfa 5052ci, TASKalfa 6052ci, TASKalfa 7052ci, TASKalfa 8052ci, TASKalfa 7353ci, TASKalfa 8353ci, TASKalfa 2554ci, TASKalfa 3254ci, TASKalfa 505."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:44:12.833205Z","id":"CVE-2025-63579","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-311"},{"lang":"en","value":"CWE-326"}]}],"references":[{"url":"https://github.com/barisbaydur/CVE-2025-63579","source":"cve@mitre.org"},{"url":"https://global.kyocera.com/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-13492","sourceIdentifier":"security@wordfence.com","published":"2026-07-09T19:17:03.883","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWP_Validation::validate_fields() function (which falls through to sanitize_text_field() for fields of type 'file', leaving directory-traversal sequences intact) combined with the UsersWP_Forms::upload_file_remove() AJAX handler building the deletion target from the uploads basedir concatenated with the attacker-controlled metadata value without any realpath canonicalization or uploads-directory boundary check before calling unlink(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the affected site's server, including wp-config."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"stiofansisland","product":"UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2.65","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:47:26.202171Z","id":"CVE-2026-13492","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/AyeCode/userswp/commit/ddb17ad30ff3384cda85c5f372db30b03bd45ac8","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L1059","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L1973","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L2320","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-forms.php#L2323","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/userswp/tags/1.2.65/includes/class-validation.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3590340/userswp","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6cf6390-480f-44e2-ae36-67e3398add33?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-49276","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.670","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link to be included as the target of a link or email link in writer mark components, making the target clickable by the user who entered it and enabling self cross-site scripting in the Panel. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:11:39.964148Z","id":"CVE-2026-49276","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-83"}]}],"references":[{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-rhj6-r49h-5932","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50188","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.827","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request(), Remote::get(), and Remote::post(), to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters in a header value to inject a separate unintended request header to the remote service. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:18:33.304762Z","id":"CVE-2026-50188","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-93"},{"lang":"en","value":"CWE-113"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/aa33414e1669e866cdd6f4decfae2a669e8bb828","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/fad9cbd22c73ed0fbd3aaf62310a8dcacfc007cd","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-4v4h-m2qq-ppgw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54002","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:05.977","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize(), Sane::sanitize(), Sane::Html::sanitize(), Sane::Svg::sanitize(), Sane::Xml::sanitize(), Sane::sanitizeFile(), or file sanitizeContents() with untrusted input allow malicious markup injected as children of an unknown HTML or XML tag to pass through Dom::sanitize() without being correctly sanitized, causing stored cross-site scripting. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:26:51.396531Z","id":"CVE-2026-54002","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-87"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/0f0437b5128c910103cbc78fc34d94b2a3faef4c","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/7ad76cf9c7387462828e6ebfc8404e31b37829e9","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/9ec1873864441dbc06479ef7823da348ec7f2700","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/bb2562e16c754493a403b8df84c9883108871e4c","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-wr9h-4r83-f4v6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54003","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.120","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the Panel and create the first admin user because local-IP checks trusted those headers incorrectly. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:23:16.615569Z","id":"CVE-2026-54003","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-454"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/1c7fee90e49153cf9ca4a6ec17481d25fbedc48d","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/3423f66c01dbc0455862e23ee699d2aa469f3234","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/66a3a14bf0892d320723ba766cd5f1d33a51d15b","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/ab992dc149610b90e337c2955ab6ccb7f72ffb3a","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/pull/8166","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-whxw-24jc-cwmv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54004","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:06.270","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview tokens, leading to disclosure of draft file contents. This issue is fixed in versions 4.9.4 and 5.4.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getkirby","product":"kirby","versions":[{"version":"< 4.9.4","status":"affected"},{"version":">= 5.0.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:47:55.357107Z","id":"CVE-2026-54004","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getkirby/kirby/commit/5b9a0ed587575e39156d37fa42ca7f6c73e121f7","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/commit/bc721080cd8dd4dcb7fc20b3fd0460ee8d0603b0","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/4.9.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/releases/tag/5.4.4","source":"security-advisories@github.com"},{"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-89cp-7p28-jffg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59148","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:07.067","lastModified":"2026-07-10T19:15:15.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: * with write methods allowed, and has no authentication. Any unauthenticated caller who can reach the mock server port can read MOCKOON_* environment variables, write arbitrary process environment variables through /mockoon-admin/env-vars, rewrite mock route bodies, statuses, and headers through PUT /mockoon-admin/environment, read transaction logs and SSE streams, and purge state. This issue is fixed in version 9.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mockoon","product":"mockoon","versions":[{"version":"< 9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T19:24:39.649769Z","id":"CVE-2026-59148","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-352"},{"lang":"en","value":"CWE-732"},{"lang":"en","value":"CWE-942"}]}],"references":[{"url":"https://github.com/mockoon/mockoon/commit/c420b5a56918475b8663977b51e5f986e45b3299","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/pull/2254","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/releases/tag/v9.7.0","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/security/advisories/GHSA-rqx4-3f6q-3x2v","source":"security-advisories@github.com"},{"url":"https://mockoon.com/releases/9.7.0","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/security/advisories/GHSA-rqx4-3f6q-3x2v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59149","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T19:17:07.207","lastModified":"2026-07-10T19:15:15.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in packages/commons-server/src/libs/server/server.ts with resolvedPath.startsWith(staticBaseDir). That prefix test has no path-separator boundary, so a ../-escaped path whose absolute form string-prefixes the base directory passes, allowing an unauthenticated client to read files from sibling paths outside the served directory through HTTP sendFile, WebSocket, or callbacks. This issue is fixed in version 9.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mockoon","product":"mockoon","versions":[{"version":"< 9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T18:39:47.514756Z","id":"CVE-2026-59149","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/mockoon/mockoon/commit/b42bdfb7f82e83f0e81bea8e6fe41adf5ec82585","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/pull/2255","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/releases/tag/v9.7.0","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/security/advisories/GHSA-8wqc-v2q8-vff2","source":"security-advisories@github.com"},{"url":"https://mockoon.com/releases/9.7.0","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/security/advisories/GHSA-8wqc-v2q8-vff2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-0277","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-07-09T20:16:24.840","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. \n\nThe Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["iOS"],"versions":[{"version":"0","lessThan":"26.2.1","versionType":"custom","status":"affected","changes":[{"at":"26.2.1","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["Linux","Windows","macOS","Android","ChromeOS"],"versions":[{"version":"All","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:19:46.628829Z","id":"CVE-2026-0277","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0277","source":"psirt@paloaltonetworks.com"}]}},{"cve":{"id":"CVE-2025-45422","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:54.167","lastModified":"2026-07-10T18:53:55.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:22:59.948621Z","id":"CVE-2025-45422","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"http://b-box.com","source":"cve@mitre.org"},{"url":"http://proximus.com","source":"cve@mitre.org"},{"url":"https://github.com/Cedrico03/CVE-2025-45422---Bbox","source":"cve@mitre.org"},{"url":"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H&version=3.1","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-21901","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T21:16:54.467","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific SSH configuration parameter to create a Denial of Service (DoS).\n\nA local high-privileged user configuring or deactivating a specific 'system services ssh' configuration parameter can exploit a null pointer dereference in one of the functions used by SSH. The function attempts to dereference a null pointer when accessing certain configuration data, resulting in an mgd process crash and restart. Continued execution of these configuration commands will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJunos OS:\n\n\n  *  from 22.3 before 22.3R3-S5;\n  *  from 22.4 before 22.4R3-S10;\n  *  from 23.2 before 23.2R2-S7;\n  *  from 23.4 before 23.4R2-S8.\n\n\n\n\nThis issue does not affect Junos OS before 22.3R1.\n\n\n\nJunos OS Evolved:\n  *  from 22.3R1-EVO before 23.2R2-S7-EVO;\n  *  from 23.4 before 23.4R2-S8-EVO.\n\n\nThis issue does not affect Junos OS Evolved before 22.3R1-EVO."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","versions":[{"version":"22.3","lessThan":"22.3R3-S5","versionType":"custom","status":"affected"},{"version":"22.4","lessThan":"22.4R3-S10","versionType":"custom","status":"affected"},{"version":"23.2","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"0","lessThan":"22.3R1","versionType":"custom","status":"unaffected"}]},{"vendor":"Juniper Networks","product":"Junos OS Evolved","defaultStatus":"unaffected","versions":[{"version":"23.2","lessThan":"23.2R2-S7-EVO","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8-EVO","versionType":"custom","status":"affected"},{"version":"0","lessThan":"22.3R1-EVO","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Green","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:21:27.704515Z","id":"CVE-2026-21901","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-g4f7-w2rc-hpj6","source":"sirt@juniper.net"},{"url":"https://supportportal.juniper.net/JSA110072","source":"sirt@juniper.net"},{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-g4f7-w2rc-hpj6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-31267","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:54.667","lastModified":"2026-07-10T18:50:20.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a specially crafted request. The vulnerability results in denial of service through control flow manipulation to an arbitrary instruction address."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:30:57.994864Z","id":"CVE-2026-31267","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://barry-dev.xyz/about","source":"cve@mitre.org"},{"url":"https://gist.github.com/BarrYPL/13dcd071673866cbbfaaa05085b98cf3","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-33800","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T21:16:55.163","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for processing. Especially in a Virtual-Chassis (VC) scenario with locality‑bias configured, processing takes a significant amount of time for each event. If these sessions keep flapping, new events are constantly added, and in turn PFEMAN never completes processing these events. This results in the PFEMAN watchdog timer expiring, which causes the FPC to crash and restart, representing a complete service outage.\n\n\nThis issue only affects MX series FPCs up to and including MPC9. It does not affect MPC10/11, LC4800/9600 and MX304.\n\nThis issue affects Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S8,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","platforms":["MX Series"],"versions":[{"version":"0","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4","lessThan":"23.4R2-S8","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S4","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S3","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:31:18.681766Z","id":"CVE-2026-33800","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-606"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110075","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-51923","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:55.480","lastModified":"2026-07-10T18:51:16.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:32:11.295042Z","id":"CVE-2026-51923","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://ZeroBreach.de","source":"cve@mitre.org"},{"url":"https://docuform.de","source":"cve@mitre.org"},{"url":"https://gist.github.com/ZeroBreach-GmbH","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-51924","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:55.590","lastModified":"2026-07-10T18:51:16.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:32:54.308269Z","id":"CVE-2026-51924","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://docuform.de","source":"cve@mitre.org"},{"url":"https://gist.github.com/ZeroBreach-GmbH","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-51925","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:55.690","lastModified":"2026-07-10T18:51:16.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menu_report.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source code or system files."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:33:11.999845Z","id":"CVE-2026-51925","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://docuform.de","source":"cve@mitre.org"},{"url":"https://gist.github.com/ZeroBreach-GmbH","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-51926","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T21:16:55.790","lastModified":"2026-07-10T18:53:55.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid and invalid usernames based on variations in server responses. This information can be leveraged to identify existing accounts and facilitate further attacks, including brute-force or credential stuffing."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:34:56.289158Z","id":"CVE-2026-51926","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"references":[{"url":"https://docuform.de","source":"cve@mitre.org"},{"url":"https://gist.github.com/ZeroBreach-GmbH","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-55207","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T21:16:55.890","lastModified":"2026-07-10T15:52:52.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, an unauthenticated attacker who knows a valid admin username can take over any Pimcore admin account by sending a password reset request with an attacker-controlled resetPasswordUrl. The server generates a real cryptographic recovery token, appends it to the supplied URL, and emails the link to the victim; when the victim clicks the link, the token is sent to the attacker and can be used with POST /pimcore-studio/api/login/token to authenticate with full admin privileges while bypassing two-factor authentication. This issue is fixed in versions 2025.4.6 and 2026.1.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":">= 2026.1.0, < 2026.1.6","status":"affected"},{"version":"< 2025.4.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:34:00.598927Z","id":"CVE-2026-55207","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-h854-c3m3-mh5v","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/commit/ea9d329686f5e5aea2eec378d63ac2deb965bb27","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/pull/1882","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2025.4.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2026.1.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-h854-c3m3-mh5v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55208","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T21:16:56.020","lastModified":"2026-07-10T15:52:52.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 2026.1.6, an authenticated user can extract the admin password hash and other database content through time-based blind SQL injection in the DateFilter column key parameter. The POST /pimcore-studio/api/website-settings endpoint and other listing endpoints accept a columnFilters array where the key field is interpolated directly into SQL with manual backtick wrapping, allowing a backtick character to break out of quoting and append arbitrary SQL such as SLEEP() and IF() subqueries. This issue is fixed in versions 2025.4.6 and 2026.1.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pimcore","product":"pimcore","versions":[{"version":">= 2026.1.0, < 2026.1.6","status":"affected"},{"version":"< 2025.4.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:51:49.735662Z","id":"CVE-2026-55208","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-79cw-hfcc-7mw9","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/commit/f532428cfbf4f5d6e299a13cedd5c29541802552","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/pull/1883","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2025.4.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2026.1.6","source":"security-advisories@github.com"},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-79cw-hfcc-7mw9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15271","sourceIdentifier":"cna@vuldb.com","published":"2026-07-09T22:17:02.210","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"TOTOLINK","product":"A3000RU","cpes":["cpe:2.3:a:totolink:a3000ru:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"A3100R","cpes":["cpe:2.3:a:totolink:a3100r:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"A950RG","cpes":["cpe:2.3:a:totolink:a950rg:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"AC1200T10","cpes":["cpe:2.3:a:totolink:ac1200t10:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"CP450","cpes":["cpe:2.3:a:totolink:cp450:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"CS185R_T10","cpes":["cpe:2.3:a:totolink:cs185r_t10:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]},{"vendor":"TOTOLINK","product":"EX200","cpes":["cpe:2.3:a:totolink:ex200:*:*:*:*:*:*:*:*"],"modules":["Web Interface"],"versions":[{"version":"20260906","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:C/I:C/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:37:19.484529Z","id":"CVE-2026-15271","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-272"}]}],"references":[{"url":"https://app.notion.com/p/A3000RU-V5-9c-5185-37a1f5ba989080d38bb6ca58b2a98c64?source=copy_link","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15271","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852316","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852317","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852318","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852319","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852320","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852321","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852323","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377214","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377214/cti","source":"cna@vuldb.com"},{"url":"https://www.totolink.net/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15274","sourceIdentifier":"cna@vuldb.com","published":"2026-07-09T22:17:03.270","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pull_parser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"lo48576","product":"fbxcel","cpes":["cpe:2.3:a:lo48576:fbxcel:*:*:*:*:*:*:*:*"],"modules":["Node Header Handler"],"versions":[{"version":"0.1","status":"affected"},{"version":"0.2","status":"affected"},{"version":"0.3","status":"affected"},{"version":"0.4","status":"affected"},{"version":"0.5","status":"affected"},{"version":"0.6","status":"affected"},{"version":"0.7","status":"affected"},{"version":"0.8","status":"affected"},{"version":"0.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:38:21.175762Z","id":"CVE-2026-15274","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]}],"references":[{"url":"https://github.com/lo48576/fbxcel/","source":"cna@vuldb.com"},{"url":"https://github.com/lo48576/fbxcel/issues/14","source":"cna@vuldb.com"},{"url":"https://github.com/lo48576/fbxcel/pull/15","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15274","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852441","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377215","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377215/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15276","sourceIdentifier":"cna@vuldb.com","published":"2026-07-09T22:17:03.450","lastModified":"2026-07-10T19:17:20.407","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"pdeljanov","product":"Symphonia","cpes":["cpe:2.3:a:pdeljanov:symphonia:*:*:*:*:*:*:*:*"],"modules":["Metadata Handler"],"versions":[{"version":"0.1","status":"affected"},{"version":"0.2","status":"affected"},{"version":"0.3","status":"affected"},{"version":"0.4","status":"affected"},{"version":"0.5","status":"affected"},{"version":"0.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:23:58.705896Z","id":"CVE-2026-15276","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]}],"references":[{"url":"https://github.com/pdeljanov/Symphonia/","source":"cna@vuldb.com"},{"url":"https://github.com/pdeljanov/Symphonia/issues/508","source":"cna@vuldb.com"},{"url":"https://github.com/pdeljanov/Symphonia/pull/514","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15276","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852458","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377216","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377216/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-38076","sourceIdentifier":"cve@mitre.org","published":"2026-07-09T22:17:03.983","lastModified":"2026-07-10T19:17:23.080","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An integer overflow in the jbig2_arith_iaid_ctx_new() function of Artifex commit cc37d0 allows attackers to cause a Denial of Service (DoS) via a crafted input."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:14:03.672872Z","id":"CVE-2026-38076","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"http://artifex.com","source":"cve@mitre.org"},{"url":"https://gist.github.com/dkjsone/c237b83ffa9ebd7028b5db7f410fcf78","source":"cve@mitre.org"},{"url":"https://github.com/ArtifexSoftware/jbig2dec","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-55604","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:06.247","lastModified":"2026-07-10T19:20:32.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global `SessionStore` accepts caller-supplied `session_id` values without binding them to any authenticated principal or transport session. An attacker can enumerate active session IDs via `deepseek_sessions`, then reuse a victim-controlled `session_id` in `deepseek_chat` to retrieve and continue the victim's conversation context. Version 1.7.0 contains a patch."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"arikusi","product":"deepseek-mcp-server","versions":[{"version":">= 1.4.2, < 1.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:40:34.870840Z","id":"CVE-2026-55604","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/arikusi/deepseek-mcp-server/releases/tag/v1.7.0","source":"security-advisories@github.com"},{"url":"https://github.com/arikusi/deepseek-mcp-server/security/advisories/GHSA-fh3r-g96v-f578","source":"security-advisories@github.com"},{"url":"https://github.com/arikusi/deepseek-mcp-server/security/advisories/GHSA-fh3r-g96v-f578","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55605","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T22:17:06.400","lastModified":"2026-07-10T19:20:32.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of `@arikusi/deepseek-mcp-server` exposes `POST /mcp` without any authentication: `createMcpExpressApp` is called without an `authProvider` and no middleware guards the route, so any network-reachable client can issue an unauthenticated `initialize` request and obtain a valid MCP session identifier. In reproduced testing against commit `5e1302171e99`, an unauthenticated client was able to initialize a session, enumerate tools, and invoke the local `deepseek_sessions` tool with no credentials. The same unauthenticated session also exposes `deepseek_chat`, whose handler uses the server-side `DEEPSEEK_API_KEY` when self-hosted deployments configure one. This issue applies to self-hosted HTTP mode, not the separately documented hosted BYOK endpoint in `README.md`, which expects an `Authorization: Bearer ...` header. Upstream self-hosted container assets enable HTTP mode by default (`Dockerfile`) and publish port `3000` (`docker-compose.yml`). Version 1.8.0 contains a patch for this issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"arikusi","product":"deepseek-mcp-server","versions":[{"version":">= 1.4.2, < 1.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:35:04.651716Z","id":"CVE-2026-55605","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/arikusi/deepseek-mcp-server/blob/main/CHANGELOG.md#180---2026-06-14","source":"security-advisories@github.com"},{"url":"https://github.com/arikusi/deepseek-mcp-server/releases/tag/v1.8.0","source":"security-advisories@github.com"},{"url":"https://github.com/arikusi/deepseek-mcp-server/security/advisories/GHSA-72f3-6w86-7rv3","source":"security-advisories@github.com"},{"url":"https://github.com/arikusi/deepseek-mcp-server/security/advisories/GHSA-72f3-6w86-7rv3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-57031","sourceIdentifier":"sirt@juniper.net","published":"2026-07-09T22:17:08.827","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters.\n\nOn MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers configured on static interfaces, ingress firewall filters are not enforced, so that neither protocol level nor upstream bandwidth limitation are in effect. \n\n\nThis issue affects Junos OS on MX with MPC10/11, LC4800/9600/4802, and MX304:\n\n\n  *  23.2 versions from 23.2R2-S1 before 23.2R2-S7,\n  *  23.4 versions from 23.4R2 before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R2."}],"affected":[{"source":"sirt@juniper.net","affectedData":[{"vendor":"Juniper Networks","product":"Junos OS","defaultStatus":"unaffected","modules":["MPC10","MPC11","LC4800","LC9600","MX304-LMIC16"],"platforms":["MX Series"],"versions":[{"version":"23.2R2-S1","lessThan":"23.2R2-S7","versionType":"custom","status":"affected"},{"version":"23.4R2","lessThan":"23.4R2-S7","versionType":"custom","status":"affected"},{"version":"24.2","lessThan":"24.2R2-S3","versionType":"custom","status":"affected"},{"version":"24.4","lessThan":"24.4R2-S2","versionType":"custom","status":"affected"},{"version":"25.2","lessThan":"25.2R2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:35:02.980850Z","id":"CVE-2026-57031","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA110091","source":"sirt@juniper.net"}]}},{"cve":{"id":"CVE-2026-33655","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:04.763","lastModified":"2026-07-10T19:17:58.040","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address, allowing authenticated users to configure Webhook, Bark, or Gotify notification URLs that point at an internal or metadata IP address. This issue is fixed in version 0.12.0-alpha.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"QuantumNous","product":"new-api","versions":[{"version":"< 0.12.0-alpha.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:16:34.619775Z","id":"CVE-2026-33655","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/QuantumNous/new-api/commit/20399d3c8fcb4e3649d53163eb11940fd6763743","source":"security-advisories@github.com"},{"url":"https://github.com/QuantumNous/new-api/releases/tag/v0.12.0-alpha.1","source":"security-advisories@github.com"},{"url":"https://github.com/QuantumNous/new-api/security/advisories/GHSA-6qcr-qxgr-m7fv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44342","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.217","lastModified":"2026-07-10T19:17:58.040","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing an attacker to trigger a logged-in user's browser to bind an attacker-controlled email address or OAuth identity in deployments where session cookies could be sent on cross-site navigations. This issue is fixed in version 0.12.0-alpha.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"QuantumNous","product":"new-api","versions":[{"version":"< 0.12.0-alpha.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:44:32.677851Z","id":"CVE-2026-44342","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/QuantumNous/new-api/commit/e099117c61391abdf888fb75e382a582e550bd0e","source":"security-advisories@github.com"},{"url":"https://github.com/QuantumNous/new-api/releases/tag/v0.12.0-alpha.1","source":"security-advisories@github.com"},{"url":"https://github.com/QuantumNous/new-api/security/advisories/GHSA-26v7-h57m-gh9m","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59832","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.627","lastModified":"2026-07-10T16:16:38.187","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticated request such as /snippets/%2e%2e/%2e%2e/conf/conf.json to read workspace secrets and the document database. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:41:47.607410Z","id":"CVE-2026-59832","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/68cc0f537dfa4502496dfa794e71835421c25c09","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-275h-v5h9-vr82","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59833","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.773","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored cross-site scripting in document export-preview and Bazaar package README render paths that can execute OS commands in the Electron desktop renderer. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:15:26.840084Z","id":"CVE-2026-59833","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/ebe252e61fb93f258d083b9da0fa403679fdf94a","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59834","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:05.900","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNION SELECT and return rows from hidden documents by projecting an allowed visible box and path. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:33:00.538761Z","id":"CVE-2026-59834","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/57bcad4b331836880bfe6be25d4180bdcf10db0d","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/commit/d0f0fe146fb07d594fcadc4f48d4f7c30ac01d1e","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-h89q-4j2h-7h88","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-h89q-4j2h-7h88","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59853","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:06.030","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private document paths, notebook, document, and block IDs, and search and replace keywords for unpublished documents. This issue is fixed in versions 3.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:47:32.142690Z","id":"CVE-2026-59853","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/0049d0f04ffe9837760d29248b9ef31605077d36","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-px3c-cf92-9g83","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-px3c-cf92-9g83","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59857","sourceIdentifier":"security-advisories@github.com","published":"2026-07-09T23:17:06.580","lastModified":"2026-07-10T19:23:21.923","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen < MAXWLEN, allowing reslen to reach MAXWLEN before res[reslen] = NUL writes one byte past the end of the MAXWLEN-element stack buffer. A boundary-length word passed to soundfold(), or reached via sound-based spell suggestion while a SAL-based spell language is active under a non-multibyte 8-bit encoding, can corrupt the eval_soundfold() stack frame and crash the editor. This issue is fixed in version 9.2.0725."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.2.0725","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:14:30.879772Z","id":"CVE-2026-59857","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0725","matchCriteriaId":"18490B57-595A-47A5-818A-D7BD0A9898DD"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/d22ff1c955ff87e8273210eae125aab0e85b6c30","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-m3hf-xcm3-xhm2","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12595","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T00:16:32.120","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, which accepts the email field returned by Discord's /users/@me endpoint without ever checking that the profile's verified flag is true, then directly maps that email to a local WordPress account via get_user_by('email', $profile['email']) and issues an authenticated session cookie via wp_set_auth_cookie(). This makes it possible for unauthenticated attackers to take over any existing WordPress account — including administrator accounts — by registering a Discord account configured with an unverified email address that matches the target user's registered WordPress email and completing the standard Discord OAuth flow."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"LoginPress","product":"LoginPress Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:13:03.515325Z","id":"CVE-2026-12595","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://loginpress.pro/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5949980f-2506-49be-9105-40ec2d2a4f77?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12597","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T00:16:32.603","lastModified":"2026-07-10T16:16:25.080","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) of the array returned by GitHub's /user/emails endpoint as an account-binding identifier without verifying that the email carries a verified === true status. This makes it possible for unauthenticated attackers to log in as any existing WordPress user, including administrators, by adding an unverified email address matching a local account to their GitHub profile and triggering the OAuth callback via a crafted code parameter — causing the plugin to call get_user_by('email', ...) and establish an authenticated session for the matched account. Practical exploitation is conditional on GitHub returning the attacker-added unverified email at index 0 of the /user/emails response, as GitHub typically prioritizes the primary verified address first; nonetheless, the absence of any email verification check in the plugin constitutes a fundamental authentication bypass flaw."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"LoginPress","product":"LoginPress Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:27:36.481702Z","id":"CVE-2026-12597","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://loginpress.pro/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f3ee9f6-6465-4caf-9aef-72dd37c61a2c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12598","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T00:16:32.727","lastModified":"2026-07-10T19:17:20.113","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpress_on_spotify_login() function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it directly with get_user_by('email', $profile['email']) to identify and log in an existing WordPress account, without confirming that the Spotify user actually owns the email address (Spotify documents that the profile email is unverified) and without requiring the user to prove ownership of the matching WordPress account. This makes it possible for unauthenticated attackers to log in as any existing WordPress user, including Administrators, by registering a Spotify account using the targeted user's email address and authenticating via the Spotify provider."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"LoginPress","product":"LoginPress Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:04:43.333742Z","id":"CVE-2026-12598","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://loginpress.pro/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bef61f05-a2dc-4f61-a5da-7161a9912196?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15311","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T00:16:32.853","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"NousResearch","product":"hermes-agent","cpes":["cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"],"modules":["Matrix Adapter"],"versions":[{"version":"2026.5.29.0","status":"affected"},{"version":"2026.5.29.1","status":"affected"},{"version":"2026.5.29.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:12:35.059940Z","id":"CVE-2026-15311","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/NousResearch/hermes-agent/","source":"cna@vuldb.com"},{"url":"https://github.com/NousResearch/hermes-agent/issues/42667","source":"cna@vuldb.com"},{"url":"https://github.com/NousResearch/hermes-agent/pull/42759","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15311","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852843","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377247","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377247/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-54760","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.477","lastModified":"2026-07-10T16:16:33.063","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) with a `sqlglot` SELECT-only statement allowlist. The blocklist entries that target callable functions require the function name to be immediately followed by `\\s*\\(`. PostgreSQL accepts the same call with the name separated from `(` by a quoted identifier, an inline comment, or schema qualification. These forms evade the regex, still parse as `SELECT`, and execute the same PostgreSQL function. This restores the `pg_read_file` server-side file-read primitive that the prior CVE-2026-25879 / GHSA-pmch-g965-grmr fix was meant to block: the parent advisory fixed a missing `pg_read_file` blocklist entry, while this report shows that the added regex is bypassable. Version 0.65.1 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:27:08.297594Z","id":"CVE-2026-54760","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-6xc5-4r68-67fc","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-6xc5-4r68-67fc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54769","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.603","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. When these agents evaluate LLM-generated tool messages with `full_eval=True`, they attempt to sandbox the execution by explicitly setting `locals` to an empty dictionary `{}` inside Python's `eval()` function. However, this relies on an incomplete understanding of Python's execution model. Because `__builtins__` is not explicitly scrubbed from the `globals` dictionary mapping, Python implicitly injects all built-ins during execution, granting full access to functions like `__import__('os').system()`. Since `TableChatAgent.pandas_eval()` executes external LLM outputs natively, this bypass permits any attacker providing prompt payload to achieve unauthenticated RCE on the host system. Version 0.65.2 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:12:03.554156Z","id":"CVE-2026-54769","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-q9p7-wqxg-mrhc","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-q9p7-wqxg-mrhc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54771","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.737","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`. Version 0.65.3 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:19:42.631163Z","id":"CVE-2026-54771","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-75"}]}],"references":[{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-gjgq-w2m6-wr5q","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-gjgq-w2m6-wr5q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55615","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T00:16:33.867","lastModified":"2026-07-10T15:49:19.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection (direct user input or indirect content the agent reads back via RAG), so an attacker who can influence the prompt can read or destroy all graph data and, when APOC or dbms.security procedures are enabled on the server, achieve OS-command and filesystem access. This is the same defect class and threat model as the SQLChatAgent prompt-to-SQL-to-RCE issue fixed in version 0.63.0 (CVE-2026-25879); that fix did not extend to the neo4j module. Version 0.65.5 contains a fix for the neo4j module."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langroid","product":"langroid","versions":[{"version":"< 0.65.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:42:55.346221Z","id":"CVE-2026-55615","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/langroid/langroid/commit/5a3097d9dd6378b08ced5480b0caf76cc58d00fa","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-2pq5-3q89-j7cc","source":"security-advisories@github.com"},{"url":"https://github.com/langroid/langroid/security/advisories/GHSA-2pq5-3q89-j7cc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15319","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T03:16:20.433","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access_control.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 3126. A patch should be applied to remediate this issue."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Sipeed","product":"PicoClaw","cpes":["cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:*"],"modules":["Launcher"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"0.2.2","status":"affected"},{"version":"0.2.3","status":"affected"},{"version":"0.2.4","status":"affected"},{"version":"0.2.5","status":"affected"},{"version":"0.2.6","status":"affected"},{"version":"0.2.7","status":"affected"},{"version":"0.2.8","status":"affected"},{"version":"0.2.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:24:08.322070Z","id":"CVE-2026-15319","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/sipeed/picoclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/issues/3069","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/pull/3126","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15319","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852884","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377259","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377259/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15320","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T03:16:20.723","lastModified":"2026-07-10T16:16:26.120","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. The reported GitHub issue was closed automatically due to inactivity."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Sipeed","product":"PicoClaw","cpes":["cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:*"],"versions":[{"version":"0.2.0","status":"affected"},{"version":"0.2.1","status":"affected"},{"version":"0.2.2","status":"affected"},{"version":"0.2.3","status":"affected"},{"version":"0.2.4","status":"affected"},{"version":"0.2.5","status":"affected"},{"version":"0.2.6","status":"affected"},{"version":"0.2.7","status":"affected"},{"version":"0.2.8","status":"affected"},{"version":"0.2.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:26:21.767167Z","id":"CVE-2026-15320","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/sipeed/picoclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/sipeed/picoclaw/issues/3071","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15320","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/852942","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377260","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377260/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-11818","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:47.277","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to list, create, update, delete, clone, and bulk-delete notification flow workflows that are intended to be managed only by administrators. The only protection on these endpoints is a wp_rest nonce check, which is obtainable by any logged-in user from the frontend page source."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"arraytics","product":"WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.0.14","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:24:51.466836Z","id":"CVE-2026-11818","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L110","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L121","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L74","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.13/vendor/themewinter/email-notification-sdk/src/Flow/FlowAPI.php#L82","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.15/core/email-automation/Service/email-notification.php#L119","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.15/core/email-automation/Service/email-notification.php#L78","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-cafe/tags/3.0.15/core/email-automation/Service/email-notification.php#L88","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9cf2d3bd-359c-4334-ad28-b6b9722edd1c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14894","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:47.587","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing file type validation and the absence of any capability check on the submit_form nopriv AJAX handler, whose only barrier is a session nonce freely obtainable by unauthenticated visitors via a separate nopriv endpoint. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible. The nonce requirement is trivially bypassed because the super_create_nonce nopriv AJAX action allows any unauthenticated visitor to mint a valid sf_nonce and session cookie in a single prior request, reducing exploitation to two unauthenticated HTTP requests."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"WebRehab","product":"Super Forms – Drag & Drop Form Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.3.313","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:07:33.536107Z","id":"CVE-2026-14894","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/RensTillmann/super-forms/commit/c5838f5877c72b738c54ed970935c77ae6830c3a","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c7fb16-efbb-41e9-be13-98e96c1e9100?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15070","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:47.727","lastModified":"2026-07-10T16:16:25.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into the web-accessible translate-constants.php file within the plugin directory, enabling remote code execution on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. sanitize_text_field() is applied to the POST 'value' parameter but does not neutralize the characters — single quotes, parentheses, semicolons, $, and [] — required to break out of the PHP string literal into which the value is interpolated before being written to disk via file_put_contents()."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wordpresschef","product":"Salon Booking System – Free Version","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"10.30.32","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:24:32.111847Z","id":"CVE-2026-15070","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Action/Ajax/SetCustomText.php#L17","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Action/Init.php#L628","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Plugin.php#L407","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.30.32/src/SLN/Settings.php#L335","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3600791%40salon-booking-system&new=3600791%40salon-booking-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/301ad19a-f99c-45c8-83a7-d74e1a260556?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15321","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T04:17:47.873","lastModified":"2026-07-10T19:17:20.810","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument new_values['data'] results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 6.5.0 is sufficient to fix this issue. The patch is identified as 4a97edfbd786c779d0322054833b21ddf54d5b06. It is suggested to upgrade the affected component. The issue report remains open even though there is an official fix for it."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"MyEMS","cpes":["cpe:2.3:a:myems:myems:*:*:*:*:*:*:*:*"],"modules":["Admin Backend"],"versions":[{"version":"6.0","status":"affected"},{"version":"6.1","status":"affected"},{"version":"6.2","status":"affected"},{"version":"6.3","status":"affected"},{"version":"6.4.0","status":"affected"},{"version":"6.5.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N","baseScore":3.3,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:25:27.012104Z","id":"CVE-2026-15321","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/MyEMS/myems/","source":"cna@vuldb.com"},{"url":"https://github.com/MyEMS/myems/commit/4a97edfbd786c779d0322054833b21ddf54d5b06","source":"cna@vuldb.com"},{"url":"https://github.com/MyEMS/myems/issues/412","source":"cna@vuldb.com"},{"url":"https://github.com/MyEMS/myems/releases/tag/v6.5.0","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15321","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853060","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377263","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377263/cti","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853060","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15326","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T04:17:48.090","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project closed the issue as \"duplicate\" but did not reference any other issue, report, or CVE."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"halo-dev","product":"halo","cpes":["cpe:2.3:a:halo:halo:*:*:*:*:*:*:*:*"],"modules":["Theme Installation"],"versions":[{"version":"2.24.0","status":"affected"},{"version":"2.24.1","status":"affected"},{"version":"2.24.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":2.5}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:P","baseScore":4.7,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:21.876523Z","id":"CVE-2026-15326","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/halo-dev/halo/","source":"cna@vuldb.com"},{"url":"https://github.com/halo-dev/halo/issues/10062","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15326","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853064","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377265","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377265/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-44918","sourceIdentifier":"cve@mitre.org","published":"2026-07-10T04:17:51.530","lastModified":"2026-07-10T18:50:20.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","versions":[{"version":"27.0.0","lessThan":"29.0.6","versionType":"semver","status":"affected"},{"version":"30.0.0","lessThan":"32.0.2","versionType":"semver","status":"affected"},{"version":"33.0.0","lessThan":"35.0.2","versionType":"semver","status":"affected"},{"version":"36.0.0","lessThan":"37.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:31:03.401667Z","id":"CVE-2026-44918","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2150450","source":"cve@mitre.org"},{"url":"https://lists.openstack.org/archives/list/openstack-announce@lists.openstack.org/thread/PAJKDWS23MKSSNX22JEVDA7RWN3BHJYC/","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-026.html","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2026/07/08/4","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-54423","sourceIdentifier":"cve@mitre.org","published":"2026-07-10T04:17:52.230","lastModified":"2026-07-10T18:51:16.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","modules":["ipmi"],"versions":[{"version":"22.1.0","lessThan":"29.0.6","versionType":"semver","status":"affected"},{"version":"30.0.0","lessThan":"32.0.2","versionType":"semver","status":"affected"},{"version":"32.0.0","lessThan":"35.0.2","versionType":"semver","status":"affected"},{"version":"36.0.0","lessThan":"37.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":5.3}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:25:51.179224Z","id":"CVE-2026-54423","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-424"}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2150458","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-025.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/3","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-5069","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T04:17:52.833","lastModified":"2026-07-10T19:17:27.203","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscription_id' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit cancellation requests for other users' subscriptions."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpmanageninja","product":"Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:02:33.208787Z","id":"CVE-2026-5069","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3513845/fluentform","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7521577-ce13-4b60-ae11-9c0f9c077cf9?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15283","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:30.943","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpvividplugins","product":"WPvivid Backup for MainWP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"0.9.33","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:17:25.793505Z","id":"CVE-2026-15283","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047890%40wpvivid-backup-mainwp&new=3047890%40wpvivid-backup-mainwp&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2083fdf7-e251-4162-b38f-8dab4395a8a7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15285","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:31.210","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+) Stored Cross-Site Scripting via the Button widget's `custom_attributes` setting in versions up to and including 6.4.11. The `render` function in `modules/widgets/tp_button.php` passed the raw `custom_attributes` string through `tp_senitize_js_input()`. This filter is bypassable. The issue is patched in version 6.4.12."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"posimyththemes","product":"The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.4.11","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:02:26.830122Z","id":"CVE-2026-15285","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.10/modules/helper-function.php#L65","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.10/modules/widgets/tp_button.php#L1549","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.11/modules/widgets/tp_button.php#L1881","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/6.4.12/modules/widgets/tp_button.php#L1680","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3c3217f9-67e5-488d-b80a-49a61678fb98?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15286","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:31.343","lastModified":"2026-07-10T16:16:25.810","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'get_items_permission_check' function permission callback of the 'process_pattern' REST API endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to create and immediately publish posts of any type (including pages), bypassing the standard WordPress review workflow where contributors must submit posts for administrator approval."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"stellarwp","product":"Kadence Blocks — Page Builder Toolkit for Gutenberg Editor","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.5.32","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:24:02.535489Z","id":"CVE-2026-15286","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kadence-blocks/trunk/includes/class-kadence-blocks-prebuilt-library-rest-api.php#L590","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kadence-blocks/trunk/includes/class-kadence-blocks-prebuilt-library-rest-api.php#L925","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3445125/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6e739eb4-6b8b-4bc7-a1e6-790180668c93?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15287","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:31.657","lastModified":"2026-07-10T19:17:20.527","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the order_by parameter in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"rtcamp","product":"rtMedia for WordPress, BuddyPress and bbPress","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.6.18","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:03:29.110186Z","id":"CVE-2026-15287","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071359%40buddypress-media%2Ftrunk&old=3022114%40buddypress-media%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a2420ca-e079-429b-b1f1-47bf1d0a9f71?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15289","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.133","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevart_id’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. In order to exploit the vulnerability, the Pro version of the plugin must be installed and activated, with the 'Delete previous dates' option checked."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdevart","product":"Booking calendar, Appointment Booking System","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.17","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:27:42.536496Z","id":"CVE-2026-15289","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/booking-calendar/trunk/includes/main_class.php#L64","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-calendar/trunk/includes/main_class.php#L90","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-calendar/trunk/includes/main_class.php#L91","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c052622-ac99-4069-b7df-41aea303ed9d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15290","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.287","lastModified":"2026-07-10T17:16:53.920","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This vulnerability was partially patched in version 2.9.2 when initially addressing CVE-2025-0308."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ultimatemember","product":"Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.10.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:53:43.001848Z","id":"CVE-2026-15290","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.1/includes/core/class-member-directory.php#L1710","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.1/includes/core/class-member-directory.php#L1866","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3222364/ultimate-member/trunk/includes/core/class-member-directory.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3265901/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8f539e25-5483-417d-a3c5-e7034c03c673?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15291","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.430","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/{id}. This is due to the plugin not performing any authentication and authorization checks. This makes it possible for unauthenticated attackers to extract sensitive data including customer names, email addresses, phone numbers, WhatsApp messages, complete geolocation data (IP addresses, city, country, ISP, coordinates), device fingerprinting information (browser, OS, screen resolution), and WordPress account credentials (user IDs, usernames, emails, names) for logged-in users who submit forms."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themeatelier","product":"ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:16:31.518029Z","id":"CVE-2026-15291","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L149","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L157","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L207","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chat-help/tags/3.1.1/src/Admin/Leads.php#L234","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394141%40chat-help%2Ftrunk&old=3390862%40chat-help%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/91654765-6631-4eb4-9971-32b7db7933e1?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15292","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.563","lastModified":"2026-07-10T16:16:25.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tibouille","product":"Sudoku Shortcode","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:20:34.566902Z","id":"CVE-2026-15292","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/tags/1.0.0/sudoku-shortcode.php#L63","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/tags/1.0.0/sudoku-shortcode.php#L73","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/trunk/sudoku-shortcode.php#L63","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sudoku-shortcode/trunk/sudoku-shortcode.php#L73","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/99e4b38c-f81d-4578-a623-ea62495e934d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15293","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.700","lastModified":"2026-07-10T19:17:20.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify stored SQL queries, which can lead to privilege escalation via arbitrary SQL execution when the modified query is viewed by an administrator."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"joeyoungblood","product":"WP Business Intelligence Lite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:01:13.346858Z","id":"CVE-2026-15293","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-business-intelligence-lite/tags/3.2.0/Admin/Menu/Query.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-business-intelligence-lite/tags/3.2.0/Loader.php#L81","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a7e35f18-7659-4b97-b99f-b57ac941cb22?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15297","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:32.977","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"neeraj_slit","product":"Brevo – Email, SMS, Web Push, Chat, and more.","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.77","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:28:38.782012Z","id":"CVE-2026-15297","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/mailin/trunk/inc/table-forms.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3055756%40mailin%2Ftrunk&old=3032712%40mailin%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf4cb79e-e62b-4991-8ee5-493dafe38b80?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15298","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.117","lastModified":"2026-07-10T17:16:54.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for unauthenticated attackers to inject malicious scripts via Telegram chat titles that execute when an administrator opens the TelSender settings page and clicks the \"Tested\" button."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"pechenki","product":"TelSender – Сontact form 7, Events, Wpforms, ninja forms  and woocommerce to telegram bot","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.14.14","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:51:53.582933Z","id":"CVE-2026-15298","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/telsender/tags/1.14.14/js/ajax.js#L119","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/tags/1.14.14/js/ajax.js#L139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/tags/1.14.14/template/view.php#L111","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/trunk/js/ajax.js#L119","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/trunk/js/ajax.js#L139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/telsender/trunk/template/view.php#L111","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3449367%40telsender&new=3449367%40telsender&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cb02878a-2c85-4dcb-bdc0-e65addf9fb9c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15299","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.257","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weather_style' and 'move_direction' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render() function at widgets/weather.php:1246, where both settings values are placed into an HTML class attribute without esc_attr(). Elementor does not server-side validate widget SELECT control values against allowed options on save, so an authenticated attacker with Contributor-level access or above can submit a crafted save_builder AJAX request storing arbitrary values in the _elementor_data post meta. The stored payload renders unescaped on every frontend visit to the affected page (the Weather widget requires an OpenWeatherMap API key to reach the vulnerable output, which is the normal operational state for sites using this widget)."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wealcoder","product":"Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.6.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:16:06.336538Z","id":"CVE-2026-15299","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/animation-addons-for-elementor/tags/2.6.3/widgets/weather.php#L1246","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/animation-addons-for-elementor/tags/2.6.4/widgets/weather.php#L1246","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/animation-addons-for-elementor/tags/2.6.3&new_path=/animation-addons-for-elementor/tags/2.6.4","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e755c7-7d1e-45f7-9d0b-2df1ef0bdd02?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15300","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.393","lastModified":"2026-07-10T16:16:26.013","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing wp_magic_quotes, which does not cover $_SERVER), then passed through bare esc_sql() before being interpolated into unquoted numeric positions in the proximity-search query (HAVING/SELECT clause distance math, BETWEEN bounding-box pre-filter) built by gmw_locations_query() in plugins/posts-locator/includes/class-gmw-wp-query.php. Because esc_sql() only escapes string delimiters and these positions are numeric, payloads such as `1 OR SLEEP(3)` survived sanitization. Fixed in 4.5.5 by adding an upstream is_numeric() guard that short-circuits the WHERE clause to `AND 1 = 0` when either coordinate is non-numeric, and by replacing the three esc_sql() calls with (float) casts."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ninjew","product":"GEO my WP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:19:40.048972Z","id":"CVE-2026-15300","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L299","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L300","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.4/plugins/posts-locator/includes/class-gmw-wp-query.php#L301","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.5/plugins/posts-locator/includes/class-gmw-wp-query.php#L286","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/geo-my-wp/tags/4.5.5/plugins/posts-locator/includes/class-gmw-wp-query.php#L305","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ecbc7f05-fc4f-4276-968e-04222a64e55a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15301","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T05:16:33.537","lastModified":"2026-07-10T19:17:20.713","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"digiblogger","product":"BuddyHolis TableSearch","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:14:13.606733Z","id":"CVE-2026-15301","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/tablesearch/tags/1.1.0/tablesearch.php#L33","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eea79152-76ef-4331-8999-e13f92cd08f4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15331","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T05:16:34.010","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function _add_url/_add_package of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely. Upgrading to version 2.1.2 is sufficient to fix this issue. The identifier of the patch is e85290cddcbb5ffc9c235927f4c92e5b4c3ec264. It is advisable to upgrade the affected component."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhayujie","product":"CowAgent","cpes":["cpe:2.3:a:zhayujie:cowagent:*:*:*:*:*:*:*:*"],"modules":["Skill Installation Handler"],"versions":[{"version":"2.0","status":"affected"},{"version":"2.1.0","status":"affected"},{"version":"2.1.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:26:26.657365Z","id":"CVE-2026-15331","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/zhayujie/CowAgent/","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/commit/e85290cddcbb5ffc9c235927f4c92e5b4c3ec264","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2873","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/pull/2886","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/releases/tag/2.1.2","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15331","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853104","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377274","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377274/cti","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2873","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15332","sourceIdentifier":"cna@vuldb.com","published":"2026-07-10T05:16:34.200","lastModified":"2026-07-10T16:16:26.237","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhayujie","product":"CowAgent","cpes":["cpe:2.3:a:zhayujie:cowagent:*:*:*:*:*:*:*:*"],"modules":["Message Endpoint"],"versions":[{"version":"2.0","status":"affected"},{"version":"2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:17:49.153601Z","id":"CVE-2026-15332","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/zhayujie/CowAgent/","source":"cna@vuldb.com"},{"url":"https://github.com/zhayujie/CowAgent/issues/2874","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15332","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/853105","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377275","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377275/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-21039","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:34.387","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:17:16.688942Z","id":"CVE-2026-21039","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21040","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:34.530","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:30:43.400961Z","id":"CVE-2026-21040","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21041","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:34.663","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:31:20.275576Z","id":"CVE-2026-21041","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21044","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.063","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:32:56.008371Z","id":"CVE-2026-21044","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21045","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.177","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:34:24.683334Z","id":"CVE-2026-21045","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21048","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.410","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:05:41.399711Z","id":"CVE-2026-21048","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21050","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.650","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:15:47.362272Z","id":"CVE-2026-21050","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21051","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.760","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:45:03.619826Z","id":"CVE-2026-21051","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21053","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.987","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Email","defaultStatus":"affected","versions":[{"version":"6.2.13.1","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:40:42.601599Z","id":"CVE-2026-21053","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21054","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:36.100","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"InputSharing","defaultStatus":"affected","versions":[{"version":"2.7.01.4","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:39:52.231620Z","id":"CVE-2026-21054","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21056","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:36.330","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Health","defaultStatus":"affected","versions":[{"version":"7.00.0.107","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:15:06.389597Z","id":"CVE-2026-21056","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21057","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:36.453","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Pass","defaultStatus":"affected","versions":[{"version":"5.2.10.3","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:24:50.936899Z","id":"CVE-2026-21057","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-12123","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T07:16:27.430","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. A Subscriber-level attacker can plant an internal or loopback URL in the `mp4` post meta of a newly created `aiovg_videos` post via XML-RPC `wp.newPost`, then trigger the unauthenticated `?vdl=<post_id>` endpoint to force the server to fetch that URL and stream the full response body back to the requester."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"plugins360","product":"All-in-One Video Gallery","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.8.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:35:19.444626Z","id":"CVE-2026-12123","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/includes/roles.php#L70","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L681","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L724","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L758","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.7.5/public/video.php#L904","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/includes/roles.php#L70","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L681","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L724","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L758","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/tags/4.8.5/public/video.php#L904","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3582575","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a3bb454c-ac0e-4915-8c6e-070596f7595a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12276","sourceIdentifier":"contact@wpscan.com","published":"2026-07-10T07:16:28.203","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"LA-Studio Element Kit for Elementor","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:34:56.293264Z","id":"CVE-2026-12276","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/0c77a001-2773-4727-a873-848f5670fb96/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12685","sourceIdentifier":"contact@wpscan.com","published":"2026-07-10T07:16:28.313","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"escortwp","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"3.6.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:04:36.399926Z","id":"CVE-2026-12685","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/0e5f5730-167d-4853-a764-bb9e3d62fdc4/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-13347","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T08:16:20.857","lastModified":"2026-07-10T17:16:53.720","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the he_wrapper_js and he_wrapper_css query parameters processed by the elementor_assets_filter() function. This is due to the function concatenating user-supplied input directly onto ABSPATH and passing the result to file_get_contents() without any path traversal validation, allow-list, realpath containment, or extension check; the result is then echoed in the HTTP response. Although the output is passed through wp_kses_post(), that function only filters HTML tags and does not prevent disclosure of arbitrary file contents. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the affected site's server (such as wp-config). Note: The exploit requires the Elementor plugin and the 'Hide Elementor' feature to be enabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"templatic1","product":"Hide My WP Lite","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:51:40.903413Z","id":"CVE-2026-13347","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/hide-wp-login/tags/1.3/includes/functions.php#L117","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hide-wp-login/tags/1.3/includes/functions.php#L139","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e044c51c-40e0-4d33-8921-616d59e0e0d8?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-28564","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:21.897","lastModified":"2026-07-10T16:16:28.493","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB.\nREST Basic Authentication Accepts Stale Cached Credentials\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:02:34.412449Z","id":"CVE-2026-28564","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-294"},{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://lists.apache.org/thread/l38wpy7flvvfwv4rkps87l5z8gprnfy0","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40005","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.043","lastModified":"2026-07-10T16:16:29.703","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.\nAn attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:01:48.242010Z","id":"CVE-2026-40005","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://lists.apache.org/thread/zw2vkbmy5xkf5y8g237v81hrs4c6b5lq","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40006","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.163","lastModified":"2026-07-10T16:16:29.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB.\nWhen pipe_air_gap_receiver_enabled=true, the IoTDB AirGap pipe receiver\naccepts raw TCP connections on port 9780 with no authentication. The\nreadLength method reads an attacker-controlled 32-bit integer from the\nsocket and readData passes it directly to new byte[length] with no\nupper-bound check. An unauthenticated attacker can cause the JVM to attempt\nan allocation of up to 2,147,483,647 bytes per connection, exhausting heap\nmemory and crashing or severely degrading the DataNode process.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:59:12.142625Z","id":"CVE-2026-40006","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-770"},{"lang":"en","value":"CWE-789"}]}],"references":[{"url":"https://lists.apache.org/thread/rfpt7m9fvdrw37r3ow5omp2n914z6zqk","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/3","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40007","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.280","lastModified":"2026-07-10T16:16:30.140","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB.\nWhen pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's\nreadLength method calls itself recursively each time it recognises the\nE-language prefix in socket data, with no depth limit. An unauthenticated\nattacker can send a stream of repeated E-language prefixes that drives the\nrecursion arbitrarily deep, exhausting the receiver thread's JVM stack and\nraising StackOverflowError.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:07:37.243571Z","id":"CVE-2026-40007","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-674"}]}],"references":[{"url":"https://lists.apache.org/thread/tr23kh6kp8drrsv8ypv1mqm4v5kyy23m","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40008","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.397","lastModified":"2026-07-10T16:16:30.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB.\nThe pipe processor reads a fully\nqualified Java class name and\ninstantiates it using Class.forName().newInstance() without any\nvalidation or allowlisting.\n\n\nThis issue affects Apache IoTDB: from 1.0.0 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:06:47.206817Z","id":"CVE-2026-40008","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-470"}]}],"references":[{"url":"https://lists.apache.org/thread/fm8cpvzbox2qqy99ztglm8wkk1nrg9ng","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40009","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.510","lastModified":"2026-07-10T19:17:23.400","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB.\nAuthenticated users can escalate to full tree-path access by renaming\nthemselves to __internal_auditor.\n\n\nThis issue affects Apache IoTDB: from 2.0.8 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"2.0.8","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:56:20.929365Z","id":"CVE-2026-40009","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://lists.apache.org/thread/65hh7dh28rcxlzdzwdpt630321tr8b61","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/6","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40452","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.627","lastModified":"2026-07-10T19:17:23.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB.\nAuthorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users.\n\n\nThis issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB","defaultStatus":"unaffected","versions":[{"version":"1.3.5","lessThan":"1.3.8","versionType":"semver","status":"affected"},{"version":"2.0.5","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:55:16.780217Z","id":"CVE-2026-40452","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://lists.apache.org/thread/04j2l6dosyboor4o2gvrzbrcrpllmh95","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/7","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40454","sourceIdentifier":"security@apache.org","published":"2026-07-10T08:16:22.750","lastModified":"2026-07-10T16:16:30.770","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client.\nOut-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client\nprocess on malformed server data.\n\n\nThis issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10.\n\nUsers are recommended to upgrade to version 2.0.10, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache IoTDB C++ client","defaultStatus":"unaffected","packageName":"client-cpp","versions":[{"version":"1.3.5","lessThan":"1.3.8","versionType":"semver","status":"affected"},{"version":"2.0.5","lessThan":"2.0.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:27:23.764896Z","id":"CVE-2026-40454","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://lists.apache.org/thread/9wml325g6bpovw0jf5ymtc3xl7fwlkrn","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/10/8","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2025-11977","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:51.153","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyforms_get_form_partial() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"happyforms","product":"Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.26.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:04:08.892744Z","id":"CVE-2025-11977","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://plugins.svn.wordpress.org/happyforms/trunk/core/classes/class-wp-customize-form-manager.php","source":"security@wordfence.com"},{"url":"https://plugins.svn.wordpress.org/happyforms/trunk/core/helpers/helper-form-templates.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3494912%40happyforms&new=3494912%40happyforms","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e31119ab-963d-48a4-9948-0a0dce761918?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11992","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.280","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level access and above, to cancel all upcoming appointments site-wide by marking every future appointment stored by the plugin as abandoned. The nonce required to authenticate the cancellation request is printed on the Appointments admin page, which is itself gated only by the edit_posts capability that Authors possess, making the nonce readily accessible to low-privileged users."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"easyappointments","product":"Easy Appointments","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.12.27","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:05:16.087727Z","id":"CVE-2026-11992","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/ajax.php#L180","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/ajax.php#L563","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/ajax.php#L619","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.24.1/src/templates/appointments.tpl.php#L302","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/ajax.php#L180","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/ajax.php#L563","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/ajax.php#L619","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.25/src/templates/appointments.tpl.php#L302","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eea33d0b-2547-4c51-8c4c-d178d6c8502d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12108","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.417","lastModified":"2026-07-10T19:17:20.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"looswebstudio","product":"Highlighting Code Block","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.2.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:15:34.349394Z","id":"CVE-2026-12108","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/highlighting-code-block/tags/2.1.3/class/loos_hcb.php#L158","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/highlighting-code-block/tags/2.1.3/class/loos_hcb_menu.php#L23","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/highlighting-code-block/tags/2.1.3/class/loos_hcb_scripts.php#L69","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/highlighting-code-block/tags/2.2.0/class/loos_hcb.php#L158","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/highlighting-code-block/tags/2.2.0/class/loos_hcb_menu.php#L23","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/highlighting-code-block/tags/2.2.0/class/loos_hcb_scripts.php#L69","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3592103%40highlighting-code-block&new=3592103%40highlighting-code-block","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/166e1d3a-3fd9-4ab0-ba0d-707c6d59e0cd?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12924","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.820","lastModified":"2026-07-10T16:16:25.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etn_faq_content' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"arraytics","product":"Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.1.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:40:46.922796Z","id":"CVE-2026-12924","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/core/event/Api/EventController.php#L2027","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/core/event/Api/EventController.php#L801","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/templates/event/parts/event-details-parts.php#L359","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/templates/event/parts/styles/event-faq/style-1.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/templates/event/parts/styles/event-faq/style-2.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.1.15/utils/functions.php#L44","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3600977%40wp-event-solution&new=3600977%40wp-event-solution","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/343ed594-482a-4a27-9682-92bb643ee82a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12955","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:52.987","lastModified":"2026-07-10T17:16:53.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdpr_cookie_consent_ajax_save_schedule_scan() function (the wp_ajax_gcc_save_schedule_scan AJAX action) in versions up to, and including, 4.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's cookie scan schedule configuration stored in the gdpr_scan_schedule_data option, which is an administrative function intended to be limited to users with the manage_options capability."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wplegalpages","product":"Cookie Banner for GDPR / CCPA – WPLP Cookie Consent","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:50:19.589040Z","id":"CVE-2026-12955","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.5/admin/class-gdpr-cookie-consent-admin.php#L8132","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.5/admin/class-gdpr-cookie-consent-admin.php#L8139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.5/includes/class-gdpr-cookie-consent.php#L251","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3601475/gdpr-cookie-consent/tags/4.3.7/admin/class-gdpr-cookie-consent-admin.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ddee10e0-093c-47a3-8aa9-946d6d21e1b2?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14475","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.127","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wplegalpages","product":"Cookie Banner for GDPR / CCPA – WPLP Cookie Consent","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:11:39.023792Z","id":"CVE-2026-14475","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/class-wpl-cookie-consent-cookie-scanner.php#L1036","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/class-wpl-cookie-consent-cookie-scanner.php#L994","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/classes/class-wpl-cookie-consent-cookie-scanner-ajax.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/classes/class-wpl-cookie-consent-cookie-scanner-ajax.php#L823","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.6/admin/modules/cookie-scanner/classes/class-wpl-cookie-consent-cookie-scanner-ajax.php#L847","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601475%40gdpr-cookie-consent&new=3601475%40gdpr-cookie-consent","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/376741ee-9b6b-4822-8bad-548e212cd563?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15026","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.277","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the email_template_selected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the post_title and raw post_content of arbitrary posts regardless of status (draft, private, future, trash, password-protected) or post type (including non-public CPTs such as WooCommerce orders and internal CRM records) by enumerating post IDs. The required codection-security nonce is exposed as inline JavaScript on any wp-admin page when ?post_type=acui_email_template is appended to the URL, which is reachable by any authenticated user including Subscribers."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"carazo","product":"Import and export users and customers","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:48.392392Z","id":"CVE-2026-15026","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.10/classes/email-options.php#L357","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.10/classes/email-templates.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.10/classes/email-templates.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.3.9/classes/email-options.php#L357","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.3.9/classes/email-templates.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.3.9/classes/email-templates.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601455%40import-users-from-csv-with-meta&new=3601455%40import-users-from-csv-with-meta","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/85b61e0f-3bb2-4688-b513-14f4d2da6c30?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15104","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.407","lastModified":"2026-07-10T19:17:20.210","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for WordPress is vulnerable to generic SQL Injection via the 'lang' parameter in all versions up to, and including, 4.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires a supported multilingual plugin (WPML, Polylang, qTranslate, Weglot, or TranslatePress) to be active on the site, as the vulnerable code path is gated by Helper::is_multilingual_active()."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdevteam","product":"BetterDocs –  AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.6.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:58:55.081287Z","id":"CVE-2026-15104","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.6.0/includes/Core/PostType.php#L767","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.6.0/includes/Core/PostType.php#L819","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.6.0/includes/Utils/Helper.php#L344","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601408%40betterdocs&new=3601408%40betterdocs","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/05dbb5f4-b73b-46b4-9177-ba1d36fe0ee7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3907","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.677","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphostel-book' shortcode in all versions up to and including 1.1.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the second shortcode attribute (used as button text) is passed to the `$text` variable without sanitization at line 79 and then output directly into an HTML `value` attribute at line 91 without `esc_attr()` or any other escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"prasunsen","product":"Hostel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:38:57.759016Z","id":"CVE-2026-3907","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/shortcodes.php#L79","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/shortcodes.php#L91","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/models/hostel.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/shortcodes.php#L79","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/shortcodes.php#L91","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/models/hostel.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3480942%40hostel&new=3480942%40hostel","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/30339c0d-6632-4073-b4d5-3bb4a5b8a58d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6440","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.820","lastModified":"2026-07-10T17:17:03.997","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.8. This is due to a missing nonce verification in the reset_credential() function, which handles the wp_ajax_goodmeet_reset_google_meet_credential AJAX action. While the function does verify the user's capability (manage_options), it does not validate a nonce, making it susceptible to CSRF attacks. This makes it possible for unauthenticated attackers to trick a site administrator into clicking a malicious link that will reset (delete) the plugin's stored Google Meet API credentials (goodmeet_google_credentials) and OAuth tokens (goodmeet_google_token), effectively disabling the Google Meet integration on the site."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"sovlix","product":"GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:50:29.603286Z","id":"CVE-2026-6440","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/tags/1.1.6/includes/Goodmeet_Ajax.php#L140","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/tags/1.1.6/includes/Goodmeet_Ajax.php#L38","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/tags/1.1.6/includes/Googlemeet/Goodmeet_Meet.php#L544","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/trunk/includes/Goodmeet_Ajax.php#L140","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/trunk/includes/Goodmeet_Ajax.php#L38","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/goodmeet/trunk/includes/Googlemeet/Goodmeet_Meet.php#L544","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3525854%40goodmeet&new=3525854%40goodmeet","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dc9e818d-811e-4732-9c74-8eb6753a1706?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6802","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:53.973","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdc_custom_init() function, which processes the 'eufdc-delete' parameter without any nonce verification, capability check, or attachment ownership validation. This makes it possible for unauthenticated attackers to permanently delete arbitrary media library attachments from the WordPress site."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"fahadmahmood","product":"Easy Upload Files During Checkout","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:04:21.751000Z","id":"CVE-2026-6802","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/tags/3.0.1/inc/functions.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/tags/3.0.1/inc/functions.php#L561","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/tags/3.0.1/inc/functions.php#L587","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/trunk/inc/functions.php#L195","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/trunk/inc/functions.php#L561","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-upload-files-during-checkout/trunk/inc/functions.php#L587","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3522887%40easy-upload-files-during-checkout&new=3522887%40easy-upload-files-during-checkout","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5727bc4e-ee92-4913-bc8f-3d002488b383?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9838","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T09:16:54.110","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The vulnerability is reachable via the unauthenticated wp_ajax_nopriv_r34ics_ajax AJAX action, which accepts attacker-controlled js_args values merged over stored shortcode configuration without nonce verification, allowing the htmltagtitle key to bypass the normal shortcode allowlist check."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"room34","product":"ICS Calendar","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"12.0.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:04:26.409711Z","id":"CVE-2026-9838","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/r34ics-ajax.php#L33","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/r34ics-ajax.php#L53","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/r34ics-ajax.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.5.2/templates/calendar-month.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/r34ics-ajax.php#L33","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/r34ics-ajax.php#L53","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/r34ics-ajax.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ics-calendar/tags/12.0.8.4/templates/calendar-month.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3563728%40ics-calendar&new=3563728%40ics-calendar","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a4d91b01-5034-42b5-857f-c66c875dd562?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11990","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:21.323","lastModified":"2026-07-10T19:17:19.873","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to mark arbitrary pending appointments as Confirmed and forge an associated completed payment record in wp_kc_payments_appointment_mappings using an attacker-supplied payment ID, bypassing payment entirely. This exploit is achievable on a default installation because the gateway resolution logic returns all registered gateways regardless of admin-enabled status, making the manual (KCPayLater) gateway always selectable."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"iqonicdesign","product":"KiviCare – Clinic & Patient Management System (EHR)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:16:29.142482Z","id":"CVE-2026-11990","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.3.0/app/baseClasses/KCPaymentGatewayFactory.php#L131","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.3.0/app/controllers/api/AppointmentsController.php#L3931","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.3.0/app/controllers/api/AppointmentsController.php#L465","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.3.0/app/paymentGateways/KCPayLater.php#L109","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.3.0/app/services/KCAppointmentPaymentService.php#L32","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.4.0/app/baseClasses/KCPaymentGatewayFactory.php#L131","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.4.0/app/controllers/api/AppointmentsController.php#L3931","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.4.0/app/controllers/api/AppointmentsController.php#L465","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.4.0/app/paymentGateways/KCPayLater.php#L109","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.4.0/app/services/KCAppointmentPaymentService.php#L32","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3599918%40kivicare-clinic-management-system&new=3599918%40kivicare-clinic-management-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/efe4223a-5c1a-401e-a46b-0278e96d2d71?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13010","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:23.020","lastModified":"2026-07-10T16:16:25.467","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The shortcode can be embedded in posts or pages by Contributor-level users, making this exploitable by any authenticated user with at least that role."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"beardev","product":"JoomSport – for Sports: Team & League, Football, Hockey & more","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.7.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:42:30.613546Z","id":"CVE-2026-13010","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/tags/5.7.9/includes/joomsport-shortcodes.php#L299","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/tags/5.7.9/sportleague/base/wordpress/classes/class-jsport-getplayers.php#L102","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3594276%40joomsport-sports-league-results-management&new=3594276%40joomsport-sports-league-results-management","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a3aa680f-4ce2-43b2-81fb-c664e398c868?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13247","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:23.137","lastModified":"2026-07-10T17:16:53.610","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgx_tooltip_position' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"logichunt","product":"Logo Slider WP – Responsive Logo Carousel, Logo Gallery & Logo Showcase","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:50:09.261103Z","id":"CVE-2026-13247","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/logo-slider-wp/trunk/admin/class-logo-slider-wp-admin.php#L996","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/logo-slider-wp/trunk/public/partials/template/view-default.php#L43","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/logo-slider-wp/trunk/public/partials/view-controller.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601263%40logo-slider-wp&new=3601263%40logo-slider-wp","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dd321fd7-1f3a-4d1c-b832-69423a35fad5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13710","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:23.270","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sg_body_description' parameter in versions up to, and including, 3.2.6. This is due to insufficient input sanitization and output escaping on the description attribute in the render_body() method of the Image_Box_View class — every other attribute used by the method is wrapped in esc_attr(), but the description value is concatenated directly into HTML body context. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"jegtheme","product":"Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:14:14.401741Z","id":"CVE-2026-13710","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.1.1/class/elements/views/class-image-box-view.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.1.1/class/elements/views/class-image-box-view.php#L58","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.1.1/class/elements/views/class-image-box-view.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.2.6/class/elements/views/class-image-box-view.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.2.6/class/elements/views/class-image-box-view.php#L58","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.2.6/class/elements/views/class-image-box-view.php#L72","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3596439%40jeg-elementor-kit&new=3596439%40jeg-elementor-kit","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/be78b7d5-3f99-46de-b2b8-14254ee1ab71?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-41876","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:23.687","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user.\n\nThis issue was fixed in version v3.19-2752 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2752","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:57:08.498105Z","id":"CVE-2026-41876","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41877","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:23.847","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users.\n\nThis issue was fixed in version v3.19-2832 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2832","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:56:33.511506Z","id":"CVE-2026-41877","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41878","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:23.957","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file.\n\nThis issue was fixed in version v3.19-2862 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2862","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:22:59.247904Z","id":"CVE-2026-41878","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41879","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:24.077","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file.\n\nThis issue was fixed in version v3.17-2000."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.17-2000","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:19:06.995124Z","id":"CVE-2026-41879","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-328"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-41880","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T10:16:24.193","lastModified":"2026-07-10T15:46:07.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding neutralizes the injection during the standard web upload flow. An authenticated attacker who is able to trigger the OCR functionality for the uploaded file can execute OS commands within the context of a root user.\n\nThis issue was fixed in version v3.19-2862 and v3.17-2580."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"R-SOFT SERWIS","product":"DMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v3.19-2862","versionType":"custom","status":"affected"},{"version":"0","lessThan":"v3.17-2580","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T10:27:49.734940Z","id":"CVE-2026-41880","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://cert.pl/posts/2026/07/CVE-2026-41876","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-9857","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T10:16:24.310","lastModified":"2026-07-10T15:43:30.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the plugin's API key stored in wp_options, modify invoice plugin settings, and alter WooCommerce tax rate data in the wp_woocommerce_tax_rates table."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"saskaita123","product":"Invoice123","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.7.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:03:44.668414Z","id":"CVE-2026-9857","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_ApiKey.php#L21","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_ApiKey.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_InvoiceSettings.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_InvoiceSettings.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.6.8/includes/pages/S123_InvoiceSettings.php#L65","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_ApiKey.php#L21","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_ApiKey.php#L29","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_InvoiceSettings.php#L18","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_InvoiceSettings.php#L26","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/saskaita123-lt/tags/1.7.0/includes/pages/S123_InvoiceSettings.php#L65","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3594935%40saskaita123-lt&new=3594935%40saskaita123-lt","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d4e685a-0462-447f-a639-4f95d5aa27ab?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14461","sourceIdentifier":"cvd@cert.pl","published":"2026-07-10T11:16:32.823","lastModified":"2026-07-10T19:22:17.323","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME field. ipinfo_lookup() function uses the length of the response as the end-of-message boundary for dn_expand() function. The result is a reliable crash.\n\n\nThis issue exists in the mtr through version 0.96 and it was fixed in commit 48e1794414d338ce47abc0f27c25ade8788af9c3."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"BitWizard","product":"mtr","defaultStatus":"unaffected","programFiles":["ui/asn.c"],"programRoutines":[{"name":"ipinfo_lookup()"}],"repo":"https://github.com/traviscross/mtr/","versions":[{"version":"0","lessThanOrEqual":"0.96","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:14:45.489929Z","id":"CVE-2026-14461","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/07/CVE-2026-14461","source":"cvd@cert.pl"},{"url":"https://github.com/traviscross/mtr/commit/48e1794414d338ce47abc0f27c25ade8788af9c3","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-58225","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-10T11:16:36.300","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection.\n\nPostgrex.Notifications sanitizes channel names with quote_channel/1, which doubles double quotes so the name is safe inside a double-quoted identifier. This protects the single-statement LISTEN and UNLISTEN paths. On every (re)connect, however, handle_connect/1 replays all registered channels at once by concatenating their LISTEN statements and wrapping them in a dollar-quoted anonymous code block (DO $$BEGIN ... END$$). quote_channel/1 does not escape the $$ dollar-quote delimiter that opens and closes this block.\n\nThe listen/3 guards only reject null bytes and names longer than 63 bytes, so a channel name containing $$ passes validation unchanged. Once such a name is embedded, its $$ prematurely terminates the outer dollar-quoted string and PostgreSQL parses the remainder as additional top-level statements. Because handle_connect/1 runs on every (re)connect, the malformed replay query is rejected each time and the notification connection never re-establishes its subscriptions, silently dropping notifications for every channel sharing that connection.\n\nAn application is affected when it passes untrusted input (for example a tenant or user identifier) as a channel name to Postgrex.Notifications.listen/3. The double-quote doubling prevents forming a fully valid injected statement, so arbitrary SQL execution is not possible, but the corrupted query reliably breaks the shared notification connection for all tenants, resulting in denial of service.\n\nThis issue affects postgrex: from 0.16.0 before 0.22.3."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"elixir-ecto","product":"postgrex","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"postgrex","cpes":["cpe:2.3:a:elixir-ecto:postgrex:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Postgrex.Notifications'"],"programFiles":["lib/postgrex/notifications.ex"],"programRoutines":[{"name":"'Elixir.Postgrex.Notifications':handle_connect/1"},{"name":"'Elixir.Postgrex.Notifications':listen/3"}],"repo":"https://github.com/elixir-ecto/postgrex","packageURL":"pkg:hex/postgrex","versions":[{"version":"0.16.0","lessThan":"0.22.3","versionType":"semver","status":"affected"}]},{"vendor":"elixir-ecto","product":"postgrex","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"elixir-ecto/postgrex","cpes":["cpe:2.3:a:elixir-ecto:postgrex:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Postgrex.Notifications'"],"programFiles":["lib/postgrex/notifications.ex"],"programRoutines":[{"name":"'Elixir.Postgrex.Notifications':handle_connect/1"},{"name":"'Elixir.Postgrex.Notifications':listen/3"}],"repo":"https://github.com/elixir-ecto/postgrex","packageURL":"pkg:github/elixir-ecto/postgrex","versions":[{"version":"266b530faf9bde094e31e0e4ab851f933fadc0f5","lessThan":"795c6062f62c4394272ff4b89170688857b4f841","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T11:47:10.671088Z","id":"CVE-2026-58225","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-58225.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-ecto/ecto/security/advisories/GHSA-4mw9-4qgj-m97w","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-ecto/postgrex/commit/795c6062f62c4394272ff4b89170688857b4f841","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-58225","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-ecto/ecto/security/advisories/GHSA-4mw9-4qgj-m97w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54468","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T12:17:23.290","lastModified":"2026-07-10T19:17:24.563","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Unisphere for PowerMax","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"10.3.0.7 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"10.3.1.1 Patch 11360 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:52:53.950887Z","id":"CVE-2026-54468","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000483543/dsa-2026-272-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtualappliance-dell-unisphere-360-dell-solutionsenabler-and-dell-solutionsenabler-virtualappliance-security-update-for-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56688","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T12:17:23.453","lastModified":"2026-07-10T17:17:01.213","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and lateral movement into managed infrastructure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:49:45.463721Z","id":"CVE-2026-56688","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56689","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T12:17:23.577","lastModified":"2026-07-10T15:45:33.663","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T12:59:59.557962Z","id":"CVE-2026-56689","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56690","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T12:17:23.700","lastModified":"2026-07-10T15:45:33.663","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T13:14:21.210025Z","id":"CVE-2026-56690","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56814","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-10T12:17:24.837","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part body bytes; part header bytes are never counted, and a part with an empty body costs zero.\n\nBecause every part whose Content-Disposition carries a non-empty filename creates a fresh temporary file (via Plug.Upload) and retains a Plug.Upload struct for the duration of the request, an attacker can send a single request composed of many empty-body file parts. Such a request stays well under the configured :length limit (8,000,000 bytes by default) while creating one temporary file per part, leading to inode and disk exhaustion and unbounded memory growth. Any application using Plug.Parsers with the :multipart parser is affected, and no authentication is required, only reachability of a multipart endpoint over HTTP.\n\nThis vulnerability is associated with program files lib/plug/parsers/multipart.ex and program routines Plug.Parsers.MULTIPART.parse_multipart/2, Plug.Parsers.MULTIPART.parse_multipart_headers/5, Plug.Parsers.MULTIPART.parse_multipart_body/4, and Plug.Parsers.MULTIPART.parse_multipart_file/4.\n\nThis issue affects plug: from 1.4.0 before 1.16.6, from 1.17.0 before 1.17.4, from 1.18.0 before 1.18.5, from 1.19.0 before 1.19.5, and from 1.20.0 before 1.20.3."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"elixir-plug","product":"plug","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"plug","cpes":["cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Plug.Parsers.MULTIPART'"],"programFiles":["lib/plug/parsers/multipart.ex"],"programRoutines":[{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart/2"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_headers/5"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_body/4"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_file/4"}],"repo":"https://github.com/elixir-plug/plug","packageURL":"pkg:hex/plug","versions":[{"version":"1.4.0","lessThan":"1.16.6","versionType":"semver","status":"affected"},{"version":"1.17.0","lessThan":"1.17.4","versionType":"semver","status":"affected"},{"version":"1.18.0","lessThan":"1.18.5","versionType":"semver","status":"affected"},{"version":"1.19.0","lessThan":"1.19.5","versionType":"semver","status":"affected"},{"version":"1.20.0","lessThan":"1.20.3","versionType":"semver","status":"affected"}]},{"vendor":"elixir-plug","product":"plug","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"elixir-plug/plug","cpes":["cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Plug.Parsers.MULTIPART'"],"programFiles":["lib/plug/parsers/multipart.ex"],"programRoutines":[{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart/2"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_headers/5"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_body/4"},{"name":"'Elixir.Plug.Parsers.MULTIPART':parse_multipart_file/4"}],"repo":"https://github.com/elixir-plug/plug","packageURL":"pkg:github/elixir-plug/plug","versions":[{"version":"c52b2f32c90bccd718202bafccb5f95594e30183","lessThan":"*","versionType":"git","status":"affected","changes":[{"at":"981597d3a4271ede64373c7a731702a42c500dd6","status":"unaffected"},{"at":"56edca2ce35fe5589cd581644d8a4493fa5f484e","status":"unaffected"},{"at":"0ee8afcc61466dc5f7a8f048d0632c899165b81f","status":"unaffected"},{"at":"cae36053350e5215a4e0ca33cd130af9c5fc6364","status":"unaffected"},{"at":"f7effaed811c00b5f5bf817936bfd9c5df27b7dc","status":"unaffected"},{"at":"df97d3f17f808a9916a7700a701fb85314559d56","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:03:11.744626Z","id":"CVE-2026-56814","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-56814.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/0ee8afcc61466dc5f7a8f048d0632c899165b81f","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/56edca2ce35fe5589cd581644d8a4493fa5f484e","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/981597d3a4271ede64373c7a731702a42c500dd6","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/cae36053350e5215a4e0ca33cd130af9c5fc6364","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/df97d3f17f808a9916a7700a701fb85314559d56","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/f7effaed811c00b5f5bf817936bfd9c5df27b7dc","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/security/advisories/GHSA-95qv-c9g9-rm63","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-56814","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"}]}},{"cve":{"id":"CVE-2026-54470","sourceIdentifier":"security_alert@emc.com","published":"2026-07-10T13:16:20.550","lastModified":"2026-07-10T16:16:32.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Unisphere for PowerMax","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"10.3.0.7 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"10.3.1.1 Patch 11360 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:42:54.892451Z","id":"CVE-2026-54470","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000483543/dsa-2026-272-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtualappliance-dell-unisphere-360-dell-solutionsenabler-and-dell-solutionsenabler-virtualappliance-security-update-for-multiple-vulnerabilities","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-56813","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-10T13:16:20.663","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes.\n\nThe Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value and its path, domain, same_site, and extra attributes directly into the header without neutralizing the ';' delimiter that separates cookie attributes.\n\nAn application that places attacker-controlled data into a cookie value or attribute (for example via Plug.Conn.put_resp_cookie/4 when reflecting a username or preference) lets an attacker inject a ';' to append or override cookie attributes (such as Domain and Path scope, or dropping the Secure and HttpOnly flags), enabling cookie tossing and session fixation. Carriage return, line feed, and null bytes are rejected by Plug.Conn header validation, so HTTP response splitting is not possible, but attribute injection through ';' is not prevented.\n\nThis issue affects plug: from 0.1.0 before 1.16.6, from 1.17.0 before 1.17.4, from 1.18.0 before 1.18.5, from 1.19.0 before 1.19.5, from 1.20.0 before 1.20.3."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"elixir-plug","product":"plug","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"plug","cpes":["cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Plug.Conn.Cookies'","'Elixir.Plug.Conn'"],"programFiles":["lib/plug/conn/cookies.ex"],"programRoutines":[{"name":"'Elixir.Plug.Conn.Cookies':encode/2"},{"name":"'Elixir.Plug.Conn':put_resp_cookie/4"}],"repo":"https://github.com/elixir-plug/plug","packageURL":"pkg:hex/plug","versions":[{"version":"0.1.0","lessThan":"1.16.6","versionType":"semver","status":"affected"},{"version":"1.17.0","lessThan":"1.17.4","versionType":"semver","status":"affected"},{"version":"1.18.0","lessThan":"1.18.5","versionType":"semver","status":"affected"},{"version":"1.19.0","lessThan":"1.19.5","versionType":"semver","status":"affected"},{"version":"1.20.0","lessThan":"1.20.3","versionType":"semver","status":"affected"}]},{"vendor":"elixir-plug","product":"plug","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"elixir-plug/plug","cpes":["cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Plug.Conn.Cookies'","'Elixir.Plug.Conn'"],"programFiles":["lib/plug/conn/cookies.ex"],"programRoutines":[{"name":"'Elixir.Plug.Conn.Cookies':encode/2"},{"name":"'Elixir.Plug.Conn':put_resp_cookie/4"}],"repo":"https://github.com/elixir-plug/plug","packageURL":"pkg:github/elixir-plug/plug","versions":[{"version":"f26876aa67aaeb38e616638aa3efbcc2fe2906a5","lessThan":"*","versionType":"git","status":"affected","changes":[{"at":"3f00dfad4e20ba88472e315c90a25742bf178f8e","status":"unaffected"},{"at":"a6d1248659022749869963fd302687165ecf8c8b","status":"unaffected"},{"at":"4167981747fe9ce75f374b94a28861ae950ea992","status":"unaffected"},{"at":"149d9ed68fee0b4f77efd1e835ce5d785856697b","status":"unaffected"},{"at":"eceb8315ce9a31ef784943a95a8624ebd1bc7e06","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:43:36.298825Z","id":"CVE-2026-56813","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-141"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-56813.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/c6575800b2c4e15af1904df87522ca8a23da020c","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/security/advisories/GHSA-wpmj-jh88-rpgm","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-56813","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"}]}},{"cve":{"id":"CVE-2026-38057","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-10T15:16:39.397","lastModified":"2026-07-10T17:16:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an authenticated administrator, automatically submits a cross-site POST request causing an immediate device reboot and satellite link loss. Repeated attacks can sustain a denial-of-service condition."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"ST Engineering iDirect","product":"Evolution iQ‑Series terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"3315-Series","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"9-Series Terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:22:04.408644Z","id":"CVE-2026-38057","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://support.idirect.net/s/login","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-38059","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-07-10T15:16:39.563","lastModified":"2026-07-10T17:16:57.000","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. The DID and TPK are used for satellite network authentication in the iDirect platform, potentially enabling terminal impersonation and network reconnaissance."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"ST Engineering iDirect","product":"Evolution iQ‑Series terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"3315-Series","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]},{"vendor":"ST Engineering iDirect","product":"9-Series Terminals","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.2.1","versionType":"custom","status":"affected"},{"version":"4.5.2.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:18:45.509494Z","id":"CVE-2026-38059","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://support.idirect.net/s/login","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-56254","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:41.810","lastModified":"2026-07-10T16:16:33.713","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo server can create a validly signed update bundle and cause devices to install an update not produced by the original app maker."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"capacitor-updater","product":"capacitor-updater","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo/capacitor-updater","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:17:07.705805Z","id":"CVE-2026-56254","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-320"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-j2f4-4pfc-p8rx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capacitor-updater-end-to-end-encryption-bypass-via-private-key-distribution","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56279","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.157","lastModified":"2026-07-10T16:16:33.963","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles, management emails, and billing metadata."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:44:27.423019Z","id":"CVE-2026-56279","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-fch8-pp28-mw2x","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-information-disclosure-via-get-orgs-v7-rpc-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-fch8-pp28-mw2x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56309","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.440","lastModified":"2026-07-10T16:16:34.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bundle metadata, and survive app deletion, enabling storage and bandwidth abuse."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:12:45.415501Z","id":"CVE-2026-56309","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q52j-ggvx-cr4v","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-plan-bypass-via-unrestricted-attachment-upload-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q52j-ggvx-cr4v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56312","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.587","lastModified":"2026-07-10T17:17:00.533","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn invite links."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:49:33.747729Z","id":"CVE-2026-56312","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-whc5-fvr7-g5v3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-account-creation-before-captcha-validation-in-accept-invitation-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56329","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.727","lastModified":"2026-07-10T17:17:00.643","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview misrouting and denial of preview access for victim applications."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:45:10.865078Z","id":"CVE-2026-56329","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-436"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-76qq-gg2p-pwwj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-cross-tenant-preview-namespace-collision-via-non-bijective-underscore-decoding","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-76qq-gg2p-pwwj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56335","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:42.880","lastModified":"2026-07-10T16:16:34.187","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive channel attributes such as public, allow_emulator, and security-related flags outside intended application routes."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:56:47.365326Z","id":"CVE-2026-56335","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-ph9c-vwjq-pqhj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-channel-configuration-mutation-via-write-scoped-api-keys","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-ph9c-vwjq-pqhj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56765","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:43.727","lastModified":"2026-07-10T17:56:00.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches attachments by sequential ID without verifying ownership, allowing attackers to download and delete all file attachments across all projects instance-wide."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vikunja","product":"Vikunja","defaultStatus":"unaffected","packageURL":"pkg:golang/code.vikunja.io/api","versions":[{"version":"0","lessThan":"2.2.1","versionType":"semver","status":"affected"},{"version":"2.2.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:40:04.075201Z","id":"CVE-2026-56765","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/go-vikunja/vikunja/security/advisories/GHSA-2pv8-4c52-mf8j","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vikunja-unauthenticated-instance-wide-data-breach-via-link-share-hash-disclosure-chained-with-cross-project-attachment-idor","source":"disclosure@vulncheck.com"},{"url":"https://github.com/go-vikunja/vikunja/security/advisories/GHSA-2pv8-4c52-mf8j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-57961","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:47.057","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths() function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path resolution logic locates the substring \"content\" within a user-controlled path using strpos(); when \"content\" is absent, strpos() returns false, which becomes 0 when cast to an integer, preserving the entire attacker-controlled path. This path is later passed to file_get_contents() without canonicalization or root-directory containment validation, which may allow reading of files outside the intended content directory."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"phpMyFAQ","product":"phpMyFAQ","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"4.1.5","versionType":"semver","status":"affected"},{"version":"4.1.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:14:25.295975Z","id":"CVE-2026-57961","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-88g4-74f3-63x9","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-authenticated-path-traversal-in-pdf-export-via-concatenatepaths-function","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-57994","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:47.850","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive (draft or review-only) FAQ content. Specifically, GET /api/v3.1/faq/{categoryId}/{faqId} returns the inactive FAQ title and full answer, while GET /api/v3.1/faqs/tags/{tagId} and GET /api/v4.0/faqs/tags/{tagId} return the inactive FAQ title and answer preview, disclosing non-public content."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"phpMyFAQ","product":"phpMyFAQ","defaultStatus":"unaffected","versions":[{"version":"4.1.0","lessThan":"4.1.5","versionType":"semver","status":"affected"},{"version":"4.1.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:53:43.057049Z","id":"CVE-2026-57994","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mf8r-wm2w-f8c5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-information-disclosure-of-inactive-faq-content-via-public-api-endpoints","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mf8r-wm2w-f8c5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59791","sourceIdentifier":"cve@jetbrains.com","published":"2026-07-10T15:16:48.110","lastModified":"2026-07-10T18:58:17.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"YouTrack","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.2.17012","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:45:20.326917Z","id":"CVE-2026-59791","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1021"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.2.17012","matchCriteriaId":"0ED3E61C-FFDE-41D6-80E0-F081073A54BF"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59794","sourceIdentifier":"cve@jetbrains.com","published":"2026-07-10T15:16:48.463","lastModified":"2026-07-10T18:49:04.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"TeamCity","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:18:35.273081Z","id":"CVE-2026-59794","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.2","matchCriteriaId":"D410BA29-5145-4A5C-BFDF-B79E4A104992"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-60089","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:49.567","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.output_file path. A repository-controlled config file can set output_file to an absolute or '..' traversal path; when the developer subsequently calls agent.start() without explicitly passing an output parameter, PraisonAI writes the agent response to that path (creating parent directories as needed), allowing an untrusted checked-out project to overwrite files outside the project root with the privileges of the user running PraisonAI."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonaiagents","versions":[{"version":"0","lessThan":"1.6.78","versionType":"semver","status":"affected"},{"version":"1.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:03:27.216214Z","id":"CVE-2026-60089","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/commit/3aa9cbc2bd49c23a32be0a89a5e620d13d843eab","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qjw5-xwrp-xwpq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-path-traversal-via-config-toml","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qjw5-xwrp-xwpq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-60091","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:49.700","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in the Jobs API /api/v1/runs endpoint. The webhook_url parameter is validated at request time but re-resolved at connection time, allowing attackers to use DNS rebinding to reach internal services with a blind SSRF attack."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai","versions":[{"version":"0","lessThan":"4.6.78","versionType":"semver","status":"affected"},{"version":"4.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:39:40.340456Z","id":"CVE-2026-60091","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4w49-gwv8-fpjg","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-unauthenticated-ssrf-via-webhook-url","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-61431","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:49.947","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and include their contents in the generated context bundle."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai","versions":[{"version":"0","lessThan":"4.6.78","versionType":"semver","status":"affected"},{"version":"4.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:19:09.542793Z","id":"CVE-2026-61431","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/commit/1620b49f36945d8cc8ee5635b906c960df5097a0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q7m5-3jmv-vm48","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-path-traversal-via-contextgatherer","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q7m5-3jmv-vm48","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61432","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.077","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastContext feature (praisonaiagents.context.fast). FastContextAgent.execute_tool() prepends the configured workspace_path only for relative paths and neither rejects absolute paths nor canonicalizes joined paths before enforcing workspace containment. As a result, tool arguments or model-generated function calls to grep_search, glob_search, read_file, or list_directory can supply absolute paths or '../' traversal sequences to read, search, and enumerate files outside the intended workspace directory, with file contents returned to the caller or injected into the model's tool-result context."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonaiagents","versions":[{"version":"0","lessThan":"1.6.78","versionType":"semver","status":"affected"},{"version":"1.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:51:16.303986Z","id":"CVE-2026-61432","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/commit/1620b49f36945d8cc8ee5635b906c960df5097a0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4xxv-6wmf-xf45","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-fastcontext-before-path-traversal","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-4xxv-6wmf-xf45","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61434","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.213","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files, delete files, or execute non-allowlisted binaries without triggering shell metacharacter filters."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai","versions":[{"version":"0","lessThan":"4.6.78","versionType":"semver","status":"affected"},{"version":"4.6.78","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:45:54.802927Z","id":"CVE-2026-61434","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cv3g-hj65-pcfh","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-before-allowlist-bypass-via-find-exec","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cv3g-hj65-pcfh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61441","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.480","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a dependency through an owner-created issue endpoint (which returns 403) can delete the same dependency edge by targeting a related member-owned issue endpoint, because permission is validated against the member-owned issue's owner. This allows members to bypass owner/admin authorization and remove owner-created issue dependencies."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MervinPraison","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonai-platform","versions":[{"version":"0","lessThan":"0.1.9","versionType":"semver","status":"affected"},{"version":"0.1.9","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:52:32.002320Z","id":"CVE-2026-61441","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/commit/846568c7a5d8ce9e71e56e4c213f027c04909753","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-mxmx-rh57-jx58","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-platform-before-authorization-bypass-via-dependencies","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-mxmx-rh57-jx58","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61450","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.740","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user, or anyone able to write to user/pages) to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method allowlist, the raw container remains accessible via the allow-listed grav.offsetGet('config'), which returns the real Config object. Allow-listed object-dumping filters (json_encode, print_r, yaml_encode) then serialize that object at the PHP level without invoking the sandbox method gate, exposing the full config tree including plugin secrets such as SMTP credentials, API keys, and plugin DB credentials. This is an incomplete fix for GHSA-j274-39qw-32c9."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"getgrav","product":"grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.2","versionType":"semver","status":"affected"},{"version":"2.0.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:46:11.337524Z","id":"CVE-2026-61450","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-mc5q-6hpj-rp7j","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-before-config-exfiltration-via-offsetget-filter","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-mc5q-6hpj-rp7j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61455","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:50.877","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage resources."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"getgrav","product":"grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.1","versionType":"semver","status":"affected"},{"version":"2.0.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:49:21.784927Z","id":"CVE-2026-61455","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-928x-9mpw-8h56","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-before-decompression-bomb-via-ziparchiver","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-928x-9mpw-8h56","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61456","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T15:16:51.023","lastModified":"2026-07-10T17:41:47.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded through the POST /api/v1/media endpoint. The HandlesMediaUploads::processUploadedFile() method validates only the file extension and never invokes Security::sanitizeSVG(), so an authenticated attacker with the api.media.write permission can upload an SVG containing arbitrary JavaScript. The file is stored unmodified and served with Content-Type: image/svg+xml; when an administrator opens it in a browser (directly or via <object>/<iframe>), the embedded script executes in their session context, enabling cookie theft and session hijacking."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"getgrav","product":"grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.0.3","versionType":"semver","status":"affected"},{"version":"1.0.3","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:45:09.952855Z","id":"CVE-2026-61456","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-7vhm-8x52-2r5p","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-before-stored-xss-via-svg-upload-api","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-7vhm-8x52-2r5p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-61492","sourceIdentifier":"cve@jetbrains.com","published":"2026-07-10T15:16:51.153","lastModified":"2026-07-10T18:57:39.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"YouTrack","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.2.17394","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:14:28.411503Z","id":"CVE-2026-61492","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.2.17394","matchCriteriaId":"C1AA61F9-FE39-4425-BC11-61AD93279321"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-15143","sourceIdentifier":"secalert@redhat.com","published":"2026-07-10T16:16:25.680","lastModified":"2026-07-10T17:49:57.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or access to internal network services."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-built-in-detector-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-guardrails-detector-huggingface-runtime-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:42:19.456726Z","id":"CVE-2026-15143","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15143","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498165","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-46388","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:31.400","lastModified":"2026-07-10T20:16:45.867","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads are possible, such as sensitive local files. This issue is fixed in version 5.23.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"osquery","product":"osquery","versions":[{"version":"< 5.23.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T19:03:00.746306Z","id":"CVE-2026-46388","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-279"},{"lang":"en","value":"CWE-378"},{"lang":"en","value":"CWE-379"}]}],"references":[{"url":"https://github.com/osquery/osquery/commit/6dabe9ded33bf9c6fc0f3e37ec364a1cbbd25d68","source":"security-advisories@github.com"},{"url":"https://github.com/osquery/osquery/pull/8961","source":"security-advisories@github.com"},{"url":"https://github.com/osquery/osquery/releases/tag/5.23.1","source":"security-advisories@github.com"},{"url":"https://github.com/osquery/osquery/security/advisories/GHSA-fg78-9q98-62hh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54149","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:32.587","lastModified":"2026-07-10T19:10:59.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py do not consistently validate MCP transport type, allowing an authenticated user to import a .tool file containing stdio transport with malicious commands and trigger the configuration through an AI Chat node so MultiServerMCPClient executes arbitrary system commands. This issue is fixed in version 2.10.0-lts."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"1Panel-dev","product":"MaxKB","versions":[{"version":"< 2.10.0-lts","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:01:03.903578Z","id":"CVE-2026-54149","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/1Panel-dev/MaxKB/releases/tag/v2.10.0-lts","source":"security-advisories@github.com"},{"url":"https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-4pr3-9xhm-98x5","source":"security-advisories@github.com"},{"url":"https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-4pr3-9xhm-98x5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55500","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:33.357","lastModified":"2026-07-10T17:25:46.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the ALWAYS_PROTECTED middleware check, which only validates JWT or CLI token. This issue is fixed in version 0.4.80."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.4.80","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T15:39:22.455445Z","id":"CVE-2026-55500","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/0c7c9de00ae3ab81d6580e3cc368483c4c03f6fd","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.4.80","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55501","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T16:16:33.493","lastModified":"2026-07-10T17:25:46.957","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail. A remote attacker can rotate the X-Forwarded-For value on each login attempt to receive a fresh rate-limit bucket, bypass the 5-attempt threshold and progressive lockout durations, and perform unlimited brute-force attempts against the dashboard password. This issue is fixed in version 0.4.80."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.4.80","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:44:55.006800Z","id":"CVE-2026-55501","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/7648c3412b403a29f04967c4b4e9725e228791d4","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.4.80","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-70796","sourceIdentifier":"cve@mitre.org","published":"2026-07-10T17:16:52.767","lastModified":"2026-07-10T19:17:19.613","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web root directory. This may allow disclosure of sensitive system files and configuration data"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:04:30.676212Z","id":"CVE-2025-70796","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/LPO26/Path-Traversal-via-Web-Interface-on-WTI-Devices/blob/main/CVE%20Summary","source":"cve@mitre.org"},{"url":"https://github.com/LPO26/Path-Traversal-via-Web-Interface-on-WTI-Devices/tree/main","source":"cve@mitre.org"},{"url":"https://github.com/LPO26/Path-Traversal-via-Web-Interface-on-WTI-Devices/blob/main/CVE%20Summary","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-1667","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T17:16:54.597","lastModified":"2026-07-10T19:17:21.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to create arbitrary posts, and, if the Advanced Custom Fields plugin is installed and activated, inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"cifi","product":"GEO Plugin by Squirrly SEO","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"14.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:17:23.244543Z","id":"CVE-2026-1667","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&new=3586051%40squirrly-seo&old=3474256%40squirrly-seo","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aebdd464-10b9-4d43-bf38-f0e8ae25625f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-2398","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-10T17:16:56.320","lastModified":"2026-07-10T18:16:20.733","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation.\n\nThis issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Adam Retail Automation Ltd.","product":"MobilMen 20T","defaultStatus":"unknown","versions":[{"version":"v3","lessThanOrEqual":"10072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:36:53.025719Z","id":"CVE-2026-2398","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0526","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-39244","sourceIdentifier":"cve@mitre.org","published":"2026-07-10T17:16:57.123","lastModified":"2026-07-10T19:17:23.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloc(_centralHeader.size) allocates memory based on the declared uncompressed size from the ZIP central directory header without validating it against the actual compressed data size or imposing any upper bound. The size value is read directly from the binary header at entryHeader.js line 266 with no bounds check. An attacker can craft a ~120-byte ZIP file that declares ~4GB uncompressed size, causing a memory allocation amplification ratio of over 33 million to 1. The allocation occurs before CRC validation, so the malicious payload cannot be rejected early. All extraction and read methods are affected: readFile(), readAsText(), extractEntryTo(), extractAllTo(), extractAllToAsync(), test(), and entry.getData(). Any application accepting untrusted ZIP files via adm-zip is vulnerable to immediate process crash."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:09:41.844175Z","id":"CVE-2026-39244","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/cthackers/adm-zip","source":"cve@mitre.org"},{"url":"https://github.com/cthackers/adm-zip/issues/568","source":"cve@mitre.org"},{"url":"https://www.npmjs.com/package/adm-zip","source":"cve@mitre.org"},{"url":"https://github.com/cthackers/adm-zip/issues/568","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-3251","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-10T17:16:57.367","lastModified":"2026-07-10T18:16:21.927","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS.\n\nThis issue affects Mezunum Satiyorum: from 1.2.504 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Webremium Istanbul Web Design","product":"Mezunum Satiyorum","defaultStatus":"unknown","versions":[{"version":"1.2.504","lessThanOrEqual":"10072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:39:09.185686Z","id":"CVE-2026-3251","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0525","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-51119","sourceIdentifier":"cve@mitre.org","published":"2026-07-10T17:16:57.587","lastModified":"2026-07-10T19:17:23.787","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:00:37.864538Z","id":"CVE-2026-51119","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"http://affected.com","source":"cve@mitre.org"},{"url":"http://invixium.com","source":"cve@mitre.org"},{"url":"https://github.com/A17-ba/CVE-2026-51119","source":"cve@mitre.org"},{"url":"https://invixium.com","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-54063","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:16:58.440","lastModified":"2026-07-10T19:17:24.330","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled <row r=\"N\"> XML attribute value directly as the length argument to make([]xlsxRow, row) without validating it against the Excel row limit (TotalRows = 1,048,576). A specially crafted XLSX file can trigger two denial-of-service variants: (A) an out-of-memory process kill when r=2147483647 forces a ~16 GB allocation attempt, and (B) a runtime panic via out-of-bounds slice indexing when r=-1. Any service that opens attacker-supplied XLSX files and calls GetCellValue is affected. No authentication is required. This issue is fixed in version 2.11.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"qax-os","product":"excelize","versions":[{"version":"< 2.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:39:45.896640Z","id":"CVE-2026-54063","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/qax-os/excelize/releases/tag/v2.11.0","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-h69g-9hx6-f3v4","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-h69g-9hx6-f3v4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55638","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:16:59.183","lastModified":"2026-07-10T17:35:11.103","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/* to bypass the API-key gate and cause the server to make upstream provider calls using operator-stored LLM provider credentials. This issue is fixed in version 0.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:45:56.907696Z","id":"CVE-2026-55638","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-8gmq-j984-vp4r","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-8gmq-j984-vp4r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55641","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:16:59.330","lastModified":"2026-07-10T20:16:47.833","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this exposes the /v1 proxy to upstream provider calls using stored provider credentials and allows /v1/search with the searxng provider_options.baseUrl parameter to drive server-side requests to internal or cloud-metadata hosts. This issue is fixed in version 0.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T19:06:04.625545Z","id":"CVE-2026-55641","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-348"},{"lang":"en","value":"CWE-918"},{"lang":"en","value":"CWE-1327"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-86m2-fcxq-5q7c","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-86m2-fcxq-5q7c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55669","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:16:59.460","lastModified":"2026-07-10T19:17:25.870","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer (iss) but not the audience (aud) claim, allowing a validly signed token from a trusted issuer for another relying party to be accepted by ZITADEL. This issue is fixed in versions 3.4.12 and 4.15.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zitadel","product":"zitadel","versions":[{"version":">= 4.0.0-rc.1, < 4.15.2","status":"affected"},{"version":"< 3.4.12","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:16:38.817721Z","id":"CVE-2026-55669","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://github.com/zitadel/zitadel/releases/tag/v3.4.12","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.15.2","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-g5h5-m4hm-xjrr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55783","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:00.147","lastModified":"2026-07-10T19:17:26.120","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passing Indices as NULL and NumItems as 0xFFFFFFFF. This causes a NULL pointer dereference in the standard Test archive or Extract all code path for WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archives, resulting in a process crash. This issue is fixed in version 6.5.1749.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"M2Team","product":"NanaZip","versions":[{"version":"< 6.5.1749.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.4,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:38:42.233516Z","id":"CVE-2026-55783","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/M2Team/NanaZip/commit/5d74d90b737ac7096e5d944a5a3070c5c6a8f894","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/releases/tag/6.5.1749.0","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/security/advisories/GHSA-q67r-9cfh-xc29","source":"security-advisories@github.com"},{"url":"https://github.com/M2Team/NanaZip/security/advisories/GHSA-q67r-9cfh-xc29","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55890","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:00.400","lastModified":"2026-07-10T19:17:26.413","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action (CVE-2026-42841) leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdown image style parameters that are written into the rendered img style attribute without sanitization. This issue is fixed in version 2.0.0-rc.9."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getgrav","product":"grav","versions":[{"version":"< 2.0.0-rc.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:39:15.530035Z","id":"CVE-2026-55890","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/getgrav/grav/commit/24fd6cbc438e12310b126d1176e7d7601203a6f2","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/releases/tag/2.0.0-rc.9","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-pmf8-g7c8-7v54","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-pmf8-g7c8-7v54","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56675","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:01.070","lastModified":"2026-07-10T17:35:11.103","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as local. A remote unauthenticated attacker can access /v1 APIs such as /v1/models and may abuse configured upstream provider credentials through /v1 proxy endpoints depending on enabled providers. This issue is fixed in version 0.5.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:54:55.352353Z","id":"CVE-2026-56675","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-441"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/da667836cc7584bea0edd893de1d590c9ea279dc","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-x5c9-v98j-722r","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57167","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:01.430","lastModified":"2026-07-10T18:56:43.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence that closes a script element to inject arbitrary HTML or JavaScript that executes in the instance origin for visitors to the attacker's videos. This issue is fixed in version 8.2.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Chocobozzz","product":"PeerTube","versions":[{"version":"< 8.2.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T17:42:35.684811Z","id":"CVE-2026-57167","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://github.com/Chocobozzz/PeerTube/commit/45394d701b08e87d72b8f0c1866b881f2becbde3","source":"security-advisories@github.com"},{"url":"https://github.com/Chocobozzz/PeerTube/releases/tag/v8.2.2","source":"security-advisories@github.com"},{"url":"https://github.com/Chocobozzz/PeerTube/security/advisories/GHSA-jxwq-h9xv-hr28","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-58492","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:01.670","lastModified":"2026-07-10T17:35:11.103","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin or developer code to execute arbitrary SQL against the configured database. This issue is fixed in version 1.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getgrav","product":"grav","versions":[{"version":"< 1.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:47:46.202785Z","id":"CVE-2026-58492","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/getgrav/grav-plugin-database/commit/f6d058785c9e23df7efc5ea7556f8746fef286df","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav-plugin-database/releases/tag/1.2.0","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-8jxg-4pw9-xcwf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59162","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:02.377","lastModified":"2026-07-10T19:17:26.940","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with -1 to trigger sharedStrings[-1] and panic when read through GetCellValue or GetRows. This issue is fixed in version 2.11.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"qax-os","product":"excelize","versions":[{"version":"< 2.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:40:21.218933Z","id":"CVE-2026-59162","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"},{"lang":"en","value":"CWE-755"}]}],"references":[{"url":"https://github.com/qax-os/excelize/commit/93f0b3caed37f21ef5079e3259c6c21dcfe68453","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/pull/2331","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/releases/tag/v2.11.0","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-fx5j-qcqg-grpf","source":"security-advisories@github.com"},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-fx5j-qcqg-grpf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59180","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:02.503","lastModified":"2026-07-10T19:22:24.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py follow HTTP redirects by default and resend user-configured auth headers and query parameters on the redirected request, allowing a compromised trusted destination or on-path attacker to receive secrets such as Authorization headers, bearer tokens, custom headers, and service keys. This issue is fixed in version 1.11.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"caronc","product":"apprise","versions":[{"version":"< 1.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T16:53:13.109929Z","id":"CVE-2026-59180","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/caronc/apprise/commit/68c0aef218055e4586cf4605fd6b56358f5f462d","source":"security-advisories@github.com"},{"url":"https://github.com/caronc/apprise/pull/1610","source":"security-advisories@github.com"},{"url":"https://github.com/caronc/apprise/releases/tag/v1.11.0","source":"security-advisories@github.com"},{"url":"https://github.com/caronc/apprise/security/advisories/GHSA-856c-92hv-3vxx","source":"security-advisories@github.com"},{"url":"https://github.com/caronc/apprise/security/advisories/GHSA-856c-92hv-3vxx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59190","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:02.647","lastModified":"2026-07-10T19:17:27.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change the password of any user account, including the super administrator, by sending a direct POST request to /admin/user/{username}?task=save with data[password] because saveUser authorizes the caller's user-management permission but does not verify whether the caller may edit the target user. This issue is expected to be fixed in version 1.10.53."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getgrav","product":"grav","versions":[{"version":"<= 1.10.52","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:15:47.407180Z","id":"CVE-2026-59190","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/getgrav/grav-plugin-admin/commit/88f7ce8e50324472f492965caa42fb709a4f791a","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-p97c-g455-q447","source":"security-advisories@github.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-p97c-g455-q447","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59193","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:02.773","lastModified":"2026-07-10T20:16:48.807","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, or directory depth. This issue is fixed in version 2.0.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"getgrav","product":"grav","versions":[{"version":">= 1.0.0, < 2.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T19:04:43.281679Z","id":"CVE-2026-59193","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"2.0.0","matchCriteriaId":"7FCD1A88-08DE-490F-83CB-2BF6B0ED52F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:2.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"1ABB323F-20AF-40F3-BCD9-262644D242A1"}]}]}],"references":[{"url":"https://github.com/getgrav/grav/commit/23d6f2adf4ce11889c088ac8557c8314baeef781","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/getgrav/grav/releases/tag/2.0.0","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-2397","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-10T18:16:20.613","lastModified":"2026-07-10T19:17:22.593","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection.\n\nThis issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Adam Retail Automation Ltd.","product":"MobilMen 20T","defaultStatus":"unknown","versions":[{"version":"v3","lessThanOrEqual":"10072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:14:52.106856Z","id":"CVE-2026-2397","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0526","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-53780","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T18:16:22.653","lastModified":"2026-07-10T18:16:22.653","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-55672","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T18:16:23.637","lastModified":"2026-07-10T19:17:25.983","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refresh tokens to be exchanged under a different client. This issue is fixed in versions 3.4.12 and 4.15.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zitadel","product":"zitadel","versions":[{"version":">= 4.0.0-rc.1, < 4.15.2","status":"affected"},{"version":"< 3.4.12","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:38:05.489144Z","id":"CVE-2026-55672","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/zitadel/zitadel/commit/562403079a98cf2059cdac11865a45e2f285be71","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/commit/5b1708e0e650398f0ebc3341714f0798b0118917","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v3.4.12","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.15.2","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-xqxv-4jc2-x56x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56664","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T18:16:23.890","lastModified":"2026-07-10T19:17:26.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens from a trusted issuer to pass authentication. This issue is fixed in versions 3.4.12 and 4.15.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zitadel","product":"zitadel","versions":[{"version":">= 4.0.0-rc.1, < 4.15.2","status":"affected"},{"version":"< 3.4.12","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:01:03.850160Z","id":"CVE-2026-56664","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/zitadel/zitadel/commit/4925fab849d39a88674485d937b79e54318b48a8","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/commit/d1c3aa84af8fcb0f33910ada30b866f4afb551ac","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v3.4.12","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.15.2","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-wxg7-w2v3-w38g","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56665","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T18:16:24.020","lastModified":"2026-07-10T19:17:26.663","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips expiration handling when an incoming token omits the exp claim, allowing a token from a trusted issuer to be treated as valid without an automatic expiration window. This issue is fixed in versions 3.4.12 and 4.15.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zitadel","product":"zitadel","versions":[{"version":">= 4.0.0-rc.1, < 4.15.2","status":"affected"},{"version":"< 3.4.12","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:17:34.928689Z","id":"CVE-2026-56665","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/zitadel/zitadel/commit/4925fab849d39a88674485d937b79e54318b48a8","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/commit/d1c3aa84af8fcb0f33910ada30b866f4afb551ac","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v3.4.12","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.15.2","source":"security-advisories@github.com"},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-v77h-2w3m-94hx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57474","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-07-10T18:16:24.657","lastModified":"2026-07-10T18:20:24.513","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Deloitte","product":"AI Assist for Customer","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2026-03-25","versionType":"custom","status":"affected"},{"version":"2026-03-25","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-06-23T18:28:53.791135Z","id":"CVE-2026-57474","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-57474","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-57475","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-07-10T18:16:24.813","lastModified":"2026-07-10T18:20:24.513","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Deloitte","product":"AI Assist for Customer","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2026-03-25","versionType":"custom","status":"affected"},{"version":"2026-03-25","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-06-23T18:30:43.710557Z","id":"CVE-2026-57475","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-57474","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-57476","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-07-10T18:16:24.947","lastModified":"2026-07-10T18:20:24.513","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Deloitte","product":"AI Assist for Customer","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2026-03-25","versionType":"custom","status":"affected"},{"version":"2026-03-25","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-06-23T18:31:21.217805Z","id":"CVE-2026-57476","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-191-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-57474","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/assets/VU487875-deloitte-ascend-advisory.pdf","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://zerotolerance.me/advisories/deloitte-aiassist-ascend-2026-vu487875/","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-15146","sourceIdentifier":"cret@cert.org","published":"2026-07-10T19:17:20.307","lastModified":"2026-07-10T20:16:45.600","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an attacker to forge server-side requests (SSRF) from the machine running Wget, potentially accessing localhost services or internal network resources."}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"GNU wget","product":"Wget","versions":[{"version":"0","lessThanOrEqual":"1.25.0 before commit 4f85853f641863d5915786a8413e1a213726a62b","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T19:17:02.863029Z","id":"CVE-2026-15146","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://cgit.git.savannah.gnu.org/cgit/wget.git/commit/?id=4f85853f641863d5915786a8413e1a213726a62b","source":"cret@cert.org"},{"url":"https://kb.cert.org/vuls/id/564823","source":"cret@cert.org"},{"url":"https://www.kb.cert.org/vuls/id/564823","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-53448","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:23.930","lastModified":"2026-07-10T19:20:15.180","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The is_secure_string filter that protects the STUN protocol path is not applied to the admin panel's delete-user, delete-secret, and delete-IP operations, so an authenticated admin can inject arbitrary SQL through the du, ds, and dip parameters, gaining full database control and potentially OS-level access via PostgreSQL COPY TO PROGRAM. This issue is fixed in version 4.12.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coturn","product":"coturn","versions":[{"version":"< 4.12.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:37:32.112237Z","id":"CVE-2026-53448","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/coturn/coturn/commit/b84dbab1d1aa6e2bf0211a1cdbb250d6de2a0d09","source":"security-advisories@github.com"},{"url":"https://github.com/coturn/coturn/pull/1924","source":"security-advisories@github.com"},{"url":"https://github.com/coturn/coturn/releases/tag/4.12.0","source":"security-advisories@github.com"},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-v8hj-2xx7-xmp5","source":"security-advisories@github.com"},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-v8hj-2xx7-xmp5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53450","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:24.193","lastModified":"2026-07-10T20:16:46.040","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN XOR-PEER-ADDRESS attribute. ioa_addr_is_loopback checks for the literal IPv6 loopback shape before IPv4-mapped IPv6 handling, so good_peer_addr does not apply the default loopback rejection and an authenticated TURN client can expose services bound only to localhost on the coturn host through TURN relay traffic. This issue is fixed in version 4.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coturn","product":"coturn","versions":[{"version":"< 4.13.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T19:03:17.943181Z","id":"CVE-2026-53450","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/coturn/coturn/commit/b057acbebe721c8f2f202ddad5e16289e295c754","source":"security-advisories@github.com"},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-w4hf-cr3w-6h79","source":"security-advisories@github.com"},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-w4hf-cr3w-6h79","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55474","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:25.080","lastModified":"2026-07-10T20:16:47.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"grokability","product":"snipe-it","versions":[{"version":"< 8.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T19:12:19.818201Z","id":"CVE-2026-55474","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*","versionEndExcluding":"8.5.0","matchCriteriaId":"F3F8268E-FCC1-4A66-A4F6-EEC79F3D7BD6"}]}]}],"references":[{"url":"https://github.com/grokability/snipe-it/commit/cd69a7ea53e030e6e05f08be18daac672c8c4121","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/grokability/snipe-it/pull/18927","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/grokability/snipe-it/releases/tag/v8.5.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/grokability/snipe-it/security/advisories/GHSA-c6f4-wj38-m3g3","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5801","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-10T19:17:27.323","lastModified":"2026-07-10T20:16:48.923","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection.\n\nThis issue affects SEM-PMP: through 23042026."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Semtek Informatics Software Consulting Trade Ltd. Co.","product":"SEM-PMP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"23042026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T19:05:45.471123Z","id":"CVE-2026-5801","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0527","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-61460","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T19:17:27.587","lastModified":"2026-07-10T20:16:49.030","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CRM records and reassign ownership by exploiting missing record-level ownership validation in edit, update, and destroy methods."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"krayin","product":"laravel-crm","defaultStatus":"unaffected","repo":"https://github.com/krayin/laravel-crm","packageURL":"pkg:composer/krayin/laravel-crm","versions":[{"version":"0","lessThanOrEqual":"2.2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T19:10:01.301600Z","id":"CVE-2026-61460","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/krayin/laravel-crm/issues/2559","source":"disclosure@vulncheck.com"},{"url":"https://github.com/krayin/laravel-crm/pull/2567","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/krayin-crm-insecure-direct-object-reference-via-controllers","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-61461","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-10T19:17:27.713","lastModified":"2026-07-10T20:16:49.137","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the search_by_full_text method without escaping or parameterization. Attackers can inject malicious SQL through the search parameters to read, modify, or delete data in the underlying ClickHouse database."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"langgenius","product":"dify","defaultStatus":"unaffected","repo":"https://github.com/langgenius/dify","packageURL":"pkg:npm/dify","versions":[{"version":"0","lessThan":"1.16.0-rc1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:54:26.930189Z","id":"CVE-2026-61461","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/langgenius/dify/commit/d9884efaeea8322706e24c560d2c17e5bf3fab5f","source":"disclosure@vulncheck.com"},{"url":"https://github.com/langgenius/dify/issues/38281","source":"disclosure@vulncheck.com"},{"url":"https://github.com/langgenius/dify/pull/38295","source":"disclosure@vulncheck.com"},{"url":"https://github.com/langgenius/dify/releases/tag/1.16.0-rc1","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/dify-rc1-sql-injection-via-myscale-vector-store-search-by-full-text","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-6212","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-10T19:17:27.840","lastModified":"2026-07-10T20:16:49.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse.\n\nThis issue affects TeraMIS: from V03.26.01.14 through 30.04.2026."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Teracity Software Technologies Inc.","product":"TeraMIS","defaultStatus":"unaffected","versions":[{"version":"V03.26.01.14","lessThanOrEqual":"30.04.2026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T19:13:38.327131Z","id":"CVE-2026-6212","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0528","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-6872","sourceIdentifier":"security@wordfence.com","published":"2026-07-10T19:17:27.947","lastModified":"2026-07-10T19:17:27.947","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."}],"metrics":{},"references":[]}}]}